Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 486350 (CVE-2013-4385) - <dev-scheme/chicken-4.10.0: "read-string!" Buffer Overflow Vulnerability (CVE-2013-4385)
Summary: <dev-scheme/chicken-4.10.0: "read-string!" Buffer Overflow Vulnerability (CVE...
Alias: CVE-2013-4385
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Depends on: CVE-2013-2024
  Show dependency tree
Reported: 2013-09-28 18:43 UTC by Agostino Sarubbo
Modified: 2016-12-31 15:24 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-09-28 18:43:30 UTC
From ${URL} :


A vulnerability has been reported in CHICKEN, which can be exploited by malicious people to 
compromise a vulnerable system.

The vulnerability is caused due to an error within the "read-string!" procedure in the "extras" 
unit when "#f" is passed as the buffer size and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions and prior.

Apply patch or update to version when available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-10-16 01:28:44 UTC
CVE-2013-4385 (
  Buffer overflow in the "read-string!" procedure in the "extras" unit in
  CHICKEN stable before and development snapshots before 4.8.2 allows
  remote attackers to cause a denial of service (memory corruption and
  application crash) or execute arbitrary code via a "#f" value in the NUM
Comment 2 erik falor 2015-08-05 03:47:18 UTC
I'm sorry for the long delay on this. I'm preparing an ebuild for the latest CHICKEN release, 4.10.0 which addresses this, and all open dev-scheme/chicken issues.
Comment 3 erik falor 2015-08-08 22:56:20 UTC
I have submitted an updated ebuild for the latest version of CHICKEN to bug #467966
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2016-12-31 15:24:22 UTC
This issue was resolved and addressed in
 GLSA 201612-54 at
by GLSA coordinator Thomas Deutschmann (whissi).