chicken -- multiple vulnerabilities

ID C6932DD4-EAFF-11E6-9AC1-A4BADB2F4699
Type freebsd
Reporter FreeBSD
Modified 2017-03-05T00:00:00


Peter Bex reports:

A buffer overflow error was found in the POSIX unit's procedures process-execute and process-spawn. Additionally, a memory leak existed in this code, which would be triggered when an error is raised during argument and environment processing.

Irregex versions before 0.9.6 contain a resource exhaustion vulnerability: when compiling deeply nested regexes containing the "+" operator due to exponential expansion behaviour.