Skip to main content

Chicken CVE-2013-4385

HIGH
Buffer Overflow (CWE-119)
2013-10-09 secalert@redhat.com
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 09, 2013 - 14:54 cve.org
HIGH 7.5

DescriptionCVE.org

Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.

AnalysisAI

Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument. Affected products include: Call-Cc Chicken. Version information: before 4.8.0.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2016-6830 CRITICAL
9.8 Jan 10

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments

CVE-2022-45145 CRITICAL
9.8 Dec 10

egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape

CVE-2017-6949 HIGH
8.1 Mar 16

An issue was discovered in CHICKEN Scheme through 4.12.0. Rated high severity (CVSS 8.1), this vulnerability is remotely

CVE-2014-3776 HIGH
7.5 May 20

Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots

CVE-2015-4556 HIGH
7.5 Mar 29

The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a

CVE-2016-6831 HIGH
7.5 Jan 10

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, result

CVE-2017-9334 HIGH
7.5 Jun 01

An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Sche

CVE-2014-9651 HIGH
7.5 Aug 28

Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecifi

CVE-2017-11343 HIGH
7.5 Jul 17

Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to

CVE-2013-1874 MEDIUM
4.4 Sep 29

Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Tr

Share

CVE-2013-4385 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy