Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20170717065129.snmhfal5wdsny4yy@scully.more-magic.net>
Date: Mon, 17 Jul 2017 08:51:29 +0200
From: Peter Bex <peter@...e-magic.net>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: CVE-2017-11343 CHICKEN Scheme: algorithmic complexity attack in hash
 tables

Hi all,

I just received the CVE-2017-11343 assignment for an issue in
CHICKEN Scheme.  An attacker is able to cause O(n) lookup for
hash tables by predicting the buckets in which interned symbols
will end up, due to a partially incorrect fix for CVE-2012-6125
where the randomization factor was determined before initializing
the PRNG with a seed state.

This issue affects only the Scheme symbol table, not user-created
hash tables.  All CHICKEN releases up to and including 4.12.0 are
affected.

More info:
http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html

Cheers,
Peter Bex

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.