
chicken -- buffer overrun in substring-index[-ci]

Description

chicken developer Moritz Heidkamp reports: The substring-index[-ci] procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which also returns the substring's index in case it is found.


Affected Package


OS       OS Version  Package Name  Package Version
FreeBSD  any         chicken       4.10.0.r1,1
