CVE-2013-4385

2013-10-0914:54:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-4385

buffer overflow

chicken

denial of service

remote attack

8.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.09 Low

EPSS

Percentile

94.5%

JSON

Buffer overflow in the “read-string!” procedure in the “extras” unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a “#f” value in the NUM argument.

CPENameOperatorVersion
call-cc:chickencall-cc chickeneq3.0.0
call-cc:chickencall-cc chickeneq4.7.0
call-cc:chickencall-cc chickeneq4.8.0.1
call-cc:chickencall-cc chickeneq4.8.0.2
call-cc:chickencall-cc chickeneq4.4.0
call-cc:chickencall-cc chickeneq4.0.0
call-cc:chickencall-cc chickeneq4.3.0
call-cc:chickencall-cc chickeneq4.1.0
call-cc:chickencall-cc chickeneq4.8.0.3
call-cc:chickencall-cc chickeneq4.8.0

CPE	Name	Operator	Version
call-cc:chicken	call-cc chicken	eq	3.0.0
call-cc:chicken	call-cc chicken	eq	4.7.0
call-cc:chicken	call-cc chicken	eq	4.8.0.1
call-cc:chicken	call-cc chicken	eq	4.8.0.2
call-cc:chicken	call-cc chicken	eq	4.4.0
call-cc:chicken	call-cc chicken	eq	4.0.0
call-cc:chicken	call-cc chicken	eq	4.3.0
call-cc:chicken	call-cc chicken	eq	4.1.0
call-cc:chicken	call-cc chicken	eq	4.8.0.3
call-cc:chicken	call-cc chicken	eq	4.8.0