Description
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."
References (4)
Core 4
Core References
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.nongnu.org/archive/html/chicken-users/2015-01/msg00048.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201612-54
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72011
Various Sources mailing-list
x_refsource_mlist
http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html
Scores
EPSS
0.0147
EPSS Percentile
70.7%
Details
CWE
CWE-119
Status
published
Products (3)
call-cc/chicken
4.9.0
call-cc/chicken
4.9.0.1
call-cc/chicken
4.10.0
Published
Aug 28, 2015
Tracked Since
Feb 18, 2026