Bug 934758 - (CVE-2015-4556) CVE-2015-4556: chicken: Scheme's string-translate* procedure
Status: NEW
Classification: openSUSE
Product: openSUSE.org
Component: 3rd party software
Assigned To: Togan Muftuoglu
Reported: 2015-06-15 14:10 UTC by Andreas Stieger
Modified: 2015-06-15 14:11 UTC (History)
Found By: Security Response Team
Description Andreas Stieger 2015-06-15 14:10:57 UTC
Courtesy bug from the SUSE security team for devel:languages:misc chicken. Not in any openSUSE or SUSE release.

Via oss-sec:

> I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme's
> string-translate* procedure, which is similar to CVE-2014-9651, but is a
> separate issue.  The internals of this procedure would invoke memcmp() on
> each index of the string being searched in, with a length of the source
> string in the alist map argument, which caused it to read beyond the bounds
> of the searched string.
> 
> This bug affects all released versions of CHICKEN prior to 4.10.0.  There
> are no known workarounds at this time.
> 
> The original announcement can be found here, including a link to the patch:
> http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4556
http://seclists.org/oss-sec/2015/q2/712

An update to the current version of the package should resolve this bug.
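
The bounds check that the quoted report says was missing, shown in an added C example. This is not CHICKEN's source or the upstream patch. `struct pair`, `match_at` and `translate` are hypothetical names, and the string is assumed to be length-delimited rather than NUL-terminated:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical (from -> to) pair, standing in for one entry of the alist map. */
struct pair { const char *from; size_t from_len; const char *to; size_t to_len; };

/* memcmp() runs only when `len` bytes remain at index `i`; comparing without
   this check is the read beyond the searched string that the report describes. */
static int match_at(const char *s, size_t s_len, size_t i, const char *from, size_t len)
{
    if (len == 0 || i > s_len || len > s_len - i)
        return 0;
    return memcmp(s + i, from, len) == 0;
}

/* Translate `s` into `out`; returns bytes written, or (size_t)-1 if `out` is too small. */
size_t translate(const char *s, size_t s_len, const struct pair *map, size_t n_map,
                 char *out, size_t out_cap)
{
    size_t i = 0, o = 0;
    while (i < s_len) {
        size_t k;
        for (k = 0; k < n_map; k++)
            if (match_at(s, s_len, i, map[k].from, map[k].from_len))
                break;
        if (k < n_map) {                 /* replace the matched source string */
            if (map[k].to_len > out_cap - o) return (size_t)-1;
            memcpy(out + o, map[k].to, map[k].to_len);
            o += map[k].to_len;
            i += map[k].from_len;
        } else {                         /* no match: copy one byte through */
            if (o == out_cap) return (size_t)-1;
            out[o++] = s[i++];
        }
    }
    return o;
}

int main(void)
{
    /* Constructed input: only 4 of the 5 bytes belong to the string,
       so "abc" must not be compared (or matched) at index 2. */
    const struct pair map[] = { { "abc", 3, "X", 1 } };
    char out[16];
    size_t n = translate("xxabc", 4, map, 1, out, sizeof out);
    printf("%.*s\n", (int)n, out);
    return 0;
}
```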