Bug 934758 - (CVE-2015-4556) CVE-2015-4556: chicken: Scheme's string-translate* procedure
Status: NEW
Classification: openSUSE
Product: openSUSE.org
Component: 3rd party software
Priority: P5 - None
Severity: Normal
Assigned To: Togan Muftuoglu
Reported: 2015-06-15 14:10 UTC by Andreas Stieger
Modified: 2015-06-15 14:11 UTC (History)
Found By: Security Response Team


Description Andreas Stieger 2015-06-15 14:10:57 UTC
Courtesy bug from the SUSE security team for devel:languages:misc chicken. Not in any openSUSE or SUSE release.

Via oss-sec:

> I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme's
> string-translate* procedure, which is similar to CVE-2014-9651, but is a
> separate issue.  The internals of this procedure would invoke memcmp() on
> each index of the string being searched in, with a length of the source
> string in the alist map argument, which caused it to read beyond the bounds
> of the searched string.
> This bug affects all released versions of CHICKEN prior to 4.10.0.  There
> are no known workarounds at this time.
> The original announcement can be found here, including a link to the patch:
> http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html


An update to the current version of the package should resolve this bug.
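
The over-read described in the quoted report comes from comparing a source string against the searched string at every index without checking how many bytes remain. The following C sketch is an added example, not CHICKEN's code or its patch: it shows a substitution loop of that shape with the remaining-length check placed before `memcmp()`. The names `struct pair`, `match_at`, `translate` and `demo_truncated`, and the first-match-wins rule, are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* One (from . to) entry of the alist map; names here are illustrative. */
struct pair { const char *from; size_t from_len; const char *to; size_t to_len; };

/* Does p->from occur in s at index i? The remaining-length test runs before
 * memcmp(), so the compare never reads past s + s_len. The pattern in the
 * report is the same memcmp() call at every index without that test. */
static int match_at(const char *s, size_t s_len, size_t i, const struct pair *p)
{
    if (p->from_len == 0 || i > s_len || p->from_len > s_len - i)
        return 0;
    return memcmp(s + i, p->from, p->from_len) == 0;
}

/* Translate s into out; returns bytes written, or (size_t)-1 if out is too small. */
size_t translate(const char *s, size_t s_len, const struct pair *map, size_t n,
                 char *out, size_t out_cap)
{
    size_t i = 0, o = 0;
    while (i < s_len) {
        size_t k = 0;
        while (k < n && !match_at(s, s_len, i, &map[k]))
            k++;
        if (k < n) {                         /* first matching pair wins */
            if (map[k].to_len > out_cap - o)
                return (size_t)-1;
            memcpy(out + o, map[k].to, map[k].to_len);
            o += map[k].to_len;
            i += map[k].from_len;
        } else {                             /* no pair matches: copy one byte */
            if (o == out_cap)
                return (size_t)-1;
            out[o++] = s[i++];
        }
    }
    return o;
}

/* Constructed input: the searched string is the first 4 bytes ("abcX") of a
 * larger buffer. An unchecked compare at index 3 would read "XYZ" from the
 * neighbouring bytes and report a match that is not in the string. */
size_t demo_truncated(char *out, size_t out_cap)
{
    static const char buf[] = "abcXYZ";
    const struct pair map[] = { { "XYZ", 3, "!", 1 } };
    return translate(buf, 4, map, 1, out, out_cap);
}
```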