Title: GNU Chess Command Buffer Overflow Vulnerability
Severity: MODERATE
Description:
GNU Chess is a freely available, open-source Chess engine that will run on most Unix and Linux variants.
GNU Chess is a stand-alone Chess engine. Various types of interfaces have been constructed which use the GNU Chess engine.
GNU Chess does not perform sufficient bounds checking on commands. This is theoretically a security concern depending on the type of interface that is being used with the engine, if any. In situations where data can be supplied from an external source, this may become an exploitable security issue.
If the buffer can be overrun by an attacker via a maliciously constructed command which is passed through an interface, then it is possible to overwrite stack variables (including the return address) with attacker-supplied instructions.
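The missing bounds check described above, shown as an added C example that is not GNU Chess source code: an unchecked copy of a command token into a fixed stack buffer, next to a parser that rejects oversized input instead of copying it. The function names, buffer sizes and sample commands are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes for illustration; not GNU Chess's real buffer sizes. */
#define CMD_MAX  32
#define ARGS_MAX 128

enum parse_status { PARSE_OK, PARSE_EMPTY, PARSE_CMD_TOO_LONG, PARSE_ARGS_TOO_LONG };

/* Unsafe pattern of the kind the advisory describes (hypothetical code):
 * "%s" has no field width, so a long token writes past cmd[] on the stack. */
void parse_unchecked(const char *line) {
    char cmd[CMD_MAX] = "";
    sscanf(line, "%s", cmd);
    printf("command: %s\n", cmd);
}

/* Hardened form: measure each field first and reject it if it does not fit,
 * so nothing is ever written beyond the caller's buffers. */
enum parse_status parse_checked(const char *line, char *cmd, size_t cmdsz,
                                char *args, size_t argsz) {
    size_t n, len;
    line += strspn(line, " \t");              /* skip leading blanks */
    n = strcspn(line, " \t\r\n");             /* length of the command token */
    if (n == 0) return PARSE_EMPTY;
    if (n >= cmdsz) return PARSE_CMD_TOO_LONG; /* reject, do not truncate */
    memcpy(cmd, line, n);
    cmd[n] = '\0';
    line += n;
    line += strspn(line, " \t");
    len = strcspn(line, "\r\n");              /* arguments up to end of line */
    if (len >= argsz) return PARSE_ARGS_TOO_LONG;
    memcpy(args, line, len);
    args[len] = '\0';
    return PARSE_OK;
}

int main(void) {
    /* Constructed sample inputs: a short command, an empty line, a 199-byte token. */
    char longcmd[200], cmd[CMD_MAX], args[ARGS_MAX];
    memset(longcmd, 'A', sizeof longcmd - 1);
    longcmd[sizeof longcmd - 1] = '\0';
    const char *samples[] = { "depth 5\n", "\n", longcmd };
    for (size_t i = 0; i < 3; i++)
        printf("sample %zu -> status %d\n", i,
               parse_checked(samples[i], cmd, sizeof cmd, args, sizeof args));
    return 0;
}
```

An interface that forwards externally supplied commands to the engine can apply the same length check before passing the line on.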
Affected Products:
- GNU Chess 5.0.0 2
References:
- GNU: GNU Chess Homepage