GHC 9.0.1 Natural conversion bug

Open hsyl20 opened this issue 8 months ago • 7 comments

Mandatory information:

  • Package : ghc
  • cvss: ?
  • affected versions: 9.0.1

Optional:

  • cve: ?
  • keywords: ?
  • aliases: ?
  • related: ?
  • affected OSes: all
  • affected architecture: all
  • declarations: ?
  • Long description: ?

GHC 9.0.1's optimization of Natural numbers can't be trusted because of a bogus rewrite rule. See https://gitlab.haskell.org/ghc/ghc/-/issues/19345, https://gitlab.haskell.org/ghc/ghc/-/issues/20066, https://gitlab.haskell.org/ghc/ghc/-/merge_requests/4980, and https://gitlab.haskell.org/ghc/ghc/-/merge_requests/6109.

Not exactly sure how it might be used for an attack but we quickly discussed this issue at the HF workshop and concluded it was worth reporting anyway.

hsyl20, Jun 17 '24 08:06