CVE-2013-4385
Published: 9 October 2013
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chicken Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Released
(4.8.0.5-1)
|
|
| upstream |
Released
(4.8.0.5, 4.8.3)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(4.8.0.5-1)
|
|
| yakkety |
Not vulnerable
(4.8.0.5-1)
|
|
| zesty |
Not vulnerable
(4.8.0.5-1)
|
|
|
Patches: upstream: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26 |
||
References
- http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
- http://www.openwall.com/lists/oss-security/2013/09/26/7
- http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
- https://www.cve.org/CVERecord?id=CVE-2013-4385
- NVD
- Launchpad
- Debian