| Summary: | dev-scheme/chicken-4.10.0: "read-string!" Buffer Overflow Vulnerability (CVE-2013-4385) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ewfalor, maksbotan, proxy-maint, scheme |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/55009/ | | |
| Whiteboard: | B2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 467966 | | |
| Bug Blocks: | | | |
Description
Agostino Sarubbo
2013-09-28 18:43:30 UTC
CVE-2013-4385 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4385): Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a "#f" value in the NUM argument.

I'm sorry for the long delay on this. I'm preparing an ebuild for the latest CHICKEN release, 4.10.0, which addresses this and all open dev-scheme/chicken issues.

I have submitted an updated ebuild for the latest version of CHICKEN to bug #467966.

This issue was resolved and addressed in GLSA 201612-54 at https://security.gentoo.org/glsa/201612-54 by GLSA coordinator Thomas Deutschmann (whissi).
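The bug class named in the CVE text above, as an added illustration that is not CHICKEN's code and not the patched `read-string!`: a C read-into-buffer routine in which a negative count (`READ_ALL`) stands in for Scheme's `#f` and is assumed to mean "fill whatever room the buffer has left". Every path, the sentinel included, clamps the copy to the buffer's remaining capacity, which is exactly the bound whose absence turns a length argument into an out-of-bounds write. The in-memory "port" type, the sentinel value and the sample data are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory input port: the data still to be read and a cursor.
 * It stands in for a real port so the example runs offline. */
typedef struct {
    const char *data;
    size_t len;
    size_t pos;
} mem_port;

/* Constructed sentinel playing the role of Scheme's #f for the NUM argument:
 * "read as many bytes as fit into the buffer". */
#define READ_ALL (-1L)

/* Read up to `num` bytes from `port` into buf[start..cap).
 * A negative `num` means "as many as fit". Both the sentinel and explicit
 * counts are clamped to the remaining capacity before anything is copied,
 * so no value of `num` can write past `cap`. A short read happens at end of
 * data. Returns the number of bytes stored, or -1 if `start` lies beyond
 * the buffer. */
long read_string_bounded(mem_port *port, char *buf, size_t cap, long num, size_t start)
{
    if (start > cap)
        return -1;                         /* offset itself must be in range */
    size_t room = cap - start;             /* bytes the buffer can still take */
    size_t want = (num < 0) ? room : (size_t)num;   /* sentinel -> fill remaining room */
    if (want > room)
        want = room;                       /* explicit counts are clamped too */
    size_t avail = port->len - port->pos;  /* bytes left in the port */
    size_t n = want < avail ? want : avail;          /* short read near EOF */
    memcpy(buf + start, port->data + port->pos, n);
    port->pos += n;
    return (long)n;
}

/* Drives the routine over constructed data with a 4-byte buffer and a
 * 10-byte source. Returns 1 when every read stayed within bounds and
 * produced the expected bytes, 0 otherwise. */
int self_check(void)
{
    mem_port p = { "ABCDEFGHIJ", 10, 0 };
    char buf[4];

    /* Sentinel: fills the whole buffer, never more. */
    if (read_string_bounded(&p, buf, sizeof buf, READ_ALL, 0) != 4) return 0;
    if (memcmp(buf, "ABCD", 4) != 0) return 0;

    /* Oversized explicit count: clamped to capacity. */
    if (read_string_bounded(&p, buf, sizeof buf, 100, 0) != 4) return 0;
    if (memcmp(buf, "EFGH", 4) != 0) return 0;

    /* Only two bytes remain: short read, then EOF. */
    if (read_string_bounded(&p, buf, sizeof buf, READ_ALL, 0) != 2) return 0;
    if (memcmp(buf, "IJ", 2) != 0) return 0;
    if (read_string_bounded(&p, buf, sizeof buf, READ_ALL, 0) != 0) return 0;

    /* Start offset past the end is rejected instead of honoured. */
    if (read_string_bounded(&p, buf, sizeof buf, 1, 5) != -1) return 0;

    return 1;
}

int main(void)
{
    printf("bounded read checks %s\n", self_check() ? "passed" : "FAILED");
    return self_check() ? 0 : 1;
}
```

The point of the clamp is that the "fill the buffer" sentinel is resolved into a concrete byte count derived from the destination's capacity before the copy, so the source length and the caller's count can never decide how much is written.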