On Thu, Sep 26, 2013 at 09:02:16PM +0200, Peter Bex wrote:
> Hello CHICKEN users,
>
> A problem was found with the read-string! procedure from the "extras"
> unit, when used in a very particular way.
> [...]
> It turned out that there was a missing check for the situation when
> NUM was #f and the input size to be read from the port exceeded the
> given buffer's (STRING's) size. This will result in a buffer overrun,
> which may lead to general corruption of the stack or heap, and
> can potentially be used to execute arbitrary code.

This has been assigned CVE-2013-4385.

Kind regards,
The CHICKEN Team
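
The check described in the quoted advisory, sketched as a defensive wrapper. This is an added example, not part of the original message and not code from the CHICKEN project; it assumes CHICKEN 4, where the "extras" unit provides `(read-string! NUM STRING [PORT [START]])`, and `safe-read-string!` is a hypothetical name.

```scheme
;; Added illustration, not code from the CHICKEN project.
;; Assumes CHICKEN 4, where the "extras" unit provides
;;   (read-string! NUM STRING [PORT [START]])
(use extras)

;; safe-read-string! is a hypothetical wrapper name. It never passes #f
;; as NUM: the count is always clamped to the room left in BUF after START,
;; so the callee cannot be asked to write past the end of the buffer.
(define (safe-read-string! num buf
                           #!optional (port (current-input-port)) (start 0))
  (let ((len (string-length buf)))
    (unless (and (fixnum? start) (<= 0 start len))
      (error 'safe-read-string! "START is outside the buffer" start len))
    (when (and num (or (not (fixnum? num)) (< num 0)))
      (error 'safe-read-string! "NUM must be #f or a non-negative fixnum" num))
    (let* ((room (- len start))
           (n (if num (min num room) room)))
      (read-string! n buf port start))))

;; Constructed input: 16 characters offered to an 8-character buffer,
;; with NUM left as #f (the situation the advisory describes).
(let ((port (open-input-string "0123456789abcdef"))
      (buf (make-string 8 #\.)))
  (assert (= (safe-read-string! #f buf port) 8))
  (assert (string=? buf "01234567"))
  ;; The input that did not fit is still in the port, not in memory
  ;; beyond the buffer.
  (assert (string=? (read-string #f port) "89abcdef")))

;; A non-zero START reduces the room that is left.
(let ((port (open-input-string "0123456789abcdef"))
      (buf (make-string 8 #\.)))
  (assert (= (safe-read-string! #f buf port 5) 3))
  (assert (string=? buf ".....012")))

;; An explicit NUM larger than the buffer is clamped as well.
(let ((port (open-input-string "0123456789abcdef"))
      (buf (make-string 4 #\.)))
  (assert (= (safe-read-string! 100 buf port) 4))
  (assert (string=? buf "0123")))
```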
