Vulnerability Details CVE-2013-4385
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html
- http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
- http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html
- http://secunia.com/advisories/55009
- http://www.securityfocus.com/bid/62690
- https://security.gentoo.org/glsa/201612-54
- http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html
- http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
- http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html
- http://secunia.com/advisories/55009
- http://www.securityfocus.com/bid/62690
- https://security.gentoo.org/glsa/201612-54
Products affected by CVE-2013-4385
-
cpe:2.3:a:call-cc:chicken:-
-
cpe:2.3:a:call-cc:chicken:3.0.0
-
cpe:2.3:a:call-cc:chicken:3.1.0
-
cpe:2.3:a:call-cc:chicken:3.2.0
-
cpe:2.3:a:call-cc:chicken:3.3.0
-
cpe:2.3:a:call-cc:chicken:3.4.0
-
cpe:2.3:a:call-cc:chicken:4.0.0
-
cpe:2.3:a:call-cc:chicken:4.1.0
-
cpe:2.3:a:call-cc:chicken:4.2.0
-
cpe:2.3:a:call-cc:chicken:4.3.0
-
cpe:2.3:a:call-cc:chicken:4.3.3
-
cpe:2.3:a:call-cc:chicken:4.3.4
-
cpe:2.3:a:call-cc:chicken:4.3.5
-
cpe:2.3:a:call-cc:chicken:4.3.6
-
cpe:2.3:a:call-cc:chicken:4.3.7
-
cpe:2.3:a:call-cc:chicken:4.4.0
-
cpe:2.3:a:call-cc:chicken:4.4.3
-
cpe:2.3:a:call-cc:chicken:4.4.4
-
cpe:2.3:a:call-cc:chicken:4.4.5
-
cpe:2.3:a:call-cc:chicken:4.4.6
-
cpe:2.3:a:call-cc:chicken:4.5.0
-
cpe:2.3:a:call-cc:chicken:4.5.2
-
cpe:2.3:a:call-cc:chicken:4.5.5
-
cpe:2.3:a:call-cc:chicken:4.5.6
-
cpe:2.3:a:call-cc:chicken:4.5.7
-
cpe:2.3:a:call-cc:chicken:4.6.0
-
cpe:2.3:a:call-cc:chicken:4.6.1
-
cpe:2.3:a:call-cc:chicken:4.6.2
-
cpe:2.3:a:call-cc:chicken:4.6.3
-
cpe:2.3:a:call-cc:chicken:4.6.5
-
cpe:2.3:a:call-cc:chicken:4.6.6
-
cpe:2.3:a:call-cc:chicken:4.6.7
-
cpe:2.3:a:call-cc:chicken:4.7.0
-
cpe:2.3:a:call-cc:chicken:4.7.0.6
-
cpe:2.3:a:call-cc:chicken:4.7.2
-
cpe:2.3:a:call-cc:chicken:4.7.3
-
cpe:2.3:a:call-cc:chicken:4.7.4
-
cpe:2.3:a:call-cc:chicken:4.8.0
-
cpe:2.3:a:call-cc:chicken:4.8.0.1
-
cpe:2.3:a:call-cc:chicken:4.8.0.2
-
cpe:2.3:a:call-cc:chicken:4.8.0.3
-
cpe:2.3:a:call-cc:chicken:4.8.0.4
-
cpe:2.3:a:call-cc:chicken:4.8.0.5
-
cpe:2.3:a:call-cc:chicken:4.8.0.6
-
cpe:2.3:a:call-cc:chicken:4.8.0.7
-
cpe:2.3:a:call-cc:chicken:4.8.1