CVE-2013-4385
Published: 9 October 2013
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
Priority
Status
Package | Release | Status |
---|---|---|
chicken Launchpad, Ubuntu, Debian | lucid | Ignored (end of life) |
chicken | precise | Ignored (end of life) |
chicken | quantal | Ignored (end of life) |
chicken | raring | Ignored (end of life) |
chicken | saucy | Ignored (end of life) |
chicken | trusty | Released (4.8.0.5-1) |
chicken | upstream | Released (4.8.0.5, 4.8.3) |
chicken | utopic | Ignored (end of life) |
chicken | vivid | Ignored (end of life) |
chicken | wily | Ignored (end of life) |
chicken | xenial | Not vulnerable (4.8.0.5-1) |
chicken | yakkety | Not vulnerable (4.8.0.5-1) |
chicken | zesty | Not vulnerable (4.8.0.5-1) |

Patches: upstream: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
References
- http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
- http://www.openwall.com/lists/oss-security/2013/09/26/7
- http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
- https://www.cve.org/CVERecord?id=CVE-2013-4385
- NVD
- Launchpad
- Debian