Vulnerability CVE-2013-4385


Published: 2013-10-09   Modified: 2016-12-30

Description:
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.

See advisories in our WLB2 database:
Topic
Author
Date
High
CHICKEN Scheme Buffer overrun vulnerability
Peter Bex
27.09.2013

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Call-cc
Product: Chicken 
Version:
4.8.1
4.8.0.4
4.8.0.3
4.8.0.2
4.8.0.1
4.8.0
4.7.4
4.7.3
4.7.2
4.7.0.6
4.7.0
4.6.7
4.6.6
4.6.5
4.6.3
4.6.2
4.6.1
4.6.0
4.5.7
4.5.6
4.5.5
4.5.2
4.5.0
4.4.6
4.4.5
4.4.4
4.4.3
4.4.0
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.0
4.2.0
4.1.0
4.0.0
3.4.0
3.3.0
3.2.0
3.1.0
3.0.0

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html
http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html
http://www.securityfocus.com/bid/62690

Related CVE
CVE-2017-9334
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application tha...
CVE-2015-4556
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
CVE-2017-6949
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unex...
CVE-2016-6830
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trig...
CVE-2016-6831
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all re...
CVE-2016-6287
The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could all...
CVE-2016-6286
The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (al...
CVE-2014-9651
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

Copyright 2017, cxsecurity.com