oss-sec mailing list archives
Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow
From: <cve-assign () mitre org>
Date: Mon, 14 Nov 2016 04:42:34 -0500
The reference for this bug is: http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134
may need some other application in front (e.g. a website using gnuchess for a backend or some mobile/desktop application forwarding evil input to gnuchess with improper validation) to attack.
Is it vulnerable without such an application if launched as "gnuchess -u" (UCI mode)? For example, is it taking untrusted input of 4096 characters and sending it to the ValidateMove function that is expecting 128?

    #define BUF_SIZE 4096
    #define MAXSTR 128

    if ( flags & UCI )
    ...
    NextEngineCmd();
    ...
    ReadFromEngine();

    static char engineinputbuf[BUF_SIZE]="";
    nread = read( pipefd_a2f[0], engineinputaux, BUF_SIZE );
    strcat( engineinputbuf, engineinputaux );

    char enginemovestr[BUF_SIZE]="";
    enginemove = ValidateMove( enginemovestr );

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
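The size mismatch the message asks about (up to BUF_SIZE bytes read, a consumer sized for MAXSTR), handled with an explicit bound, as an added example that is not part of the original message and is not gnuchess code. The names validate_move_bounded and handle_engine_bytes are hypothetical, and the parser copying its argument into a MAXSTR-sized buffer is an assumption taken from the question.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 4096   /* input buffer size quoted in the message */
#define MAXSTR   128    /* size the move parser is said to expect  */

/* Hypothetical stand-in for a move parser that keeps its argument in a
 * MAXSTR-sized buffer. Returns 0 on success, -1 if the input is rejected. */
int validate_move_bounded(const char *input, char *out, size_t outsz)
{
    /* Look for the terminator within the first outsz bytes only. */
    const char *end = memchr(input, '\0', outsz);
    if (end == NULL || end == input)
        return -1;                 /* too long for out, or empty */
    memcpy(out, input, (size_t)(end - input) + 1);   /* includes the NUL */
    return 0;
}

/* Receiving side: takes nread bytes as read() would return them,
 * terminates them, strips the line ending, then calls the bounded parser. */
int handle_engine_bytes(const char *data, size_t nread, char *move)
{
    char line[BUF_SIZE];
    if (nread >= sizeof line)
        nread = sizeof line - 1;   /* leave room for the terminator */
    memcpy(line, data, nread);
    line[nread] = '\0';            /* read() does not NUL-terminate */
    line[strcspn(line, "\r\n")] = '\0';
    return validate_move_bounded(line, move, MAXSTR);
}

int main(void)
{
    char move[MAXSTR];
    char big[BUF_SIZE];
    memset(big, 'a', sizeof big);  /* constructed 4096-byte input */

    printf("short move: %d\n", handle_engine_bytes("e2e4\n", 5, move));
    printf("4096 bytes: %d\n", handle_engine_bytes(big, sizeof big, move));
    return 0;
}
```

Input of MAXSTR - 1 characters is the longest accepted; anything longer is rejected before a copy takes place.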
Current thread:
- CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 13)
- Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)
- Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 14)
- Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)
- Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 14)
- Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)