Lucene search

[email protected]CVE-2014-3776

HistoryMay 20, 2014 - 2:55 p.m.

CVE-2014-3776

2014-05-2014:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-3776

buffer overflow

chicken

srfi-4

denial of service

memory corruption

application crash

arbitrary code execution

8.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.079 Low

EPSS

Percentile

94.2%

JSON

Buffer overflow in the “read-u8vector!” procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a “#f” value in the NUM argument.

CPENameOperatorVersion
call-cc:chickencall-cc chickenle4.9.0
call-cc:chickencall-cc chickeneq4.8.0.7

CPE	Name	Operator	Version
call-cc:chicken	call-cc chicken	le	4.9.0
call-cc:chicken	call-cc chicken	eq	4.8.0.7

References

code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commit%3Bh=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e

lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html

lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html

seclists.org/oss-sec/2014/q2/328

seclists.org/oss-sec/2014/q2/334

www.securityfocus.com/bid/67468

bugs.call-cc.org/ticket/1124

security.gentoo.org/glsa/201612-54

8.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.079 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2014-3776

nessus3 debiancve1 ubuntucve1 prion1 fedora3 openvas3 gentoo1