FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0da404ad-1891-11e5-a1cf-002590263bf5chicken -- Potential buffer overrun in string-translate*

chicken developer Peter Bex reports:

Using gcc's Address Sanitizer, it was discovered that the string-translate* procedure from the data-structures unit can scan beyond the input string's length up to the length of the source strings in the map that's passed to string-translate*. This issue was fixed in master 8a46020, and it will make its way into CHICKEN 4.10.

This bug is present in all released versions of CHICKEN.


Discovery 2015-06-15
Entry 2015-06-22
Modified 2015-07-31
chicken
< 4.10.0.r2,1

CVE-2015-4556
ports/200980
http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html
http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html
http://lists.nongnu.org/archive/html/chicken-announce/2015-07/msg00001.html
c6932dd4-eaff-11e6-9ac1-a4badb2f4699chicken -- multiple vulnerabilities

Peter Bex reports:

A buffer overflow error was found in the POSIX unit's procedures process-execute and process-spawn.

Additionally, a memory leak existed in this code, which would be triggered when an error is raised during argument and environment processing.

Irregex versions before 0.9.6 contain a resource exhaustion vulnerability: when compiling deeply nested regexes containing the "+" operator due to exponential expansion behaviour.


Discovery 2016-08-12
Entry 2017-02-04
Modified 2017-03-05
chicken
< 4.12,1

http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
CVE-2016-6830
CVE-2016-6831
CVE-2016-9954
ports/216661
5a771686-9e33-11e8-8b2d-9cf7a8059466chicken -- multiple vulnerabilities

CHICKEN reports:

  • CVE-2017-6949: Unchecked malloc() call in SRFI-4 constructors when allocating in non-GC memory, resulting in potential 1-word buffer overrun and/or segfault
  • CVE-2017-9334: "length" crashes on improper lists
  • CVE-2017-11343: The randomization factor of the symbol table was set before the random seed was set, causing it to have a fixed value on many platforms

Discovery 2017-03-16
Entry 2018-08-12
chicken
< 4.13.0,1

https://code.call-cc.org/releases/4.13.0/NEWS
CVE-2017-6949
CVE-2017-9334
CVE-2017-11343
e7b7f2b5-177a-11e5-ad33-f8d111029e6achicken -- buffer overrun in substring-index[-ci]

chicken developer Moritz Heidkamp reports:

The substring-index[-ci] procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument.

As a work-around you can switch to SRFI 13's string-contains procedure which also returns the substring's index in case it is found.


Discovery 2015-01-12
Entry 2015-06-22
Modified 2015-06-23
chicken
< 4.10.0.r1,1

CVE-2014-9651
http://lists.gnu.org/archive/html/chicken-users/2015-01/msg00048.html
http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt