Bug 1148736 - (CVE-2019-15767) VUL-0: CVE-2019-15767: gnuchess: In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.0
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Major
Target Milestone: ---
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/241421/
Depends on:
Blocks:
Reported: 2019-08-29 09:43 UTC by Wolfgang Frisch
Modified: 2020-06-08 09:51 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Reproducer EPD file (16.44 KB, text/plain)
2019-10-02 13:56 UTC, Wolfgang Frisch
Description Wolfgang Frisch 2019-08-29 09:43:04 UTC
CVE-2019-15767

In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load
function in frontend/cmd.cc via a crafted chess position in an EPD file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15767
https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00005.html
Comment 3 Wolfgang Frisch 2019-10-02 13:56:10 UTC
Created attachment 820267 [details]
Reproducer EPD file

$ gnuchess
load AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtest2

→ Output:
GNU Chess 6.2.5
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
White (1) : load AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtest2 

 : Best move = 1

black  

r . . . . . k . 
p . p . . . p . 
. . . b q r . . 
. . . p N . . p 
. . . p p B . . 
P . . . . . . . 
. P . . . P . Q 
R . . . R . K . 
 
*** stack smashing detected ***: <unknown> terminated
Aborted (core dumped)
Comment 4 Wolfgang Frisch 2019-10-02 13:57:58 UTC
This vulnerability is neutralized by the default SUSE toolchain, which uses gcc -fstack-protector.

We can close this bug and wait for upstream to release a new version.
Comment 6 Matej Cepl 2020-04-19 21:12:35 UTC
I have submitted a new version of gnuchess, which fixes this.
Comment 7 Swamp Workflow Management 2020-04-20 23:10:05 UTC
This is an autogenerated message for OBS integration:
This bug (1148736) was mentioned in
https://build.opensuse.org/request/show/795914 15.2 / gnuchess
Comment 8 Matej Cepl 2020-06-08 09:45:45 UTC
Update has been prepared, this bug can be closed.