Red Hat Bugzilla – Bug 1012974
CVE-2013-4385 chicken: buffer overrun
Last modified: 2014-01-27 03:39:28 EST
Chicken, a compiler for the Scheme programming language, is found to have a buffer overrun flaw due to the read-string! procedure from the "extras" unit, when used in a particular way.
It was found that a check was missing for the situation where NUM is #f (the Scheme value for false) as the buffer size; in that case it will read beyond the buffer until the input port is exhausted. This may result in a DoS or remote code execution.
Though currently all stable releases are vulnerable to this flaw, there is a simple workaround to be used in code that uses read-string!: simply convert all (read-string! #f buf ...) invocations to (read-string! (string-length buf) buf ...) or, if possible, use the non-destructive read-string procedure from the same unit.
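The workaround above, written as a wrapper (an added example, not code from the bug report or from the CHICKEN project). It assumes CHICKEN 4.x and the documented (read-string! NUM STRING [PORT [START]]) signature; bounded-read-string! is a hypothetical helper name. It goes slightly beyond the literal workaround by also clamping a numeric NUM and accounting for a START offset.

```scheme
;; Assumes CHICKEN 4.x, where read-string! lives in the "extras" unit.
(use extras)

;; bounded-read-string! is a hypothetical helper, not part of CHICKEN.
;; It never hands #f to read-string!: the count is always clamped to the
;; space left in BUF after START, so the read cannot run past the buffer.
(define (bounded-read-string! num buf
                              #!optional (port (current-input-port)) (start 0))
  ;; Reject offsets that are already outside the buffer.
  (assert (<= 0 start (string-length buf)))
  (let* ((room (- (string-length buf) start))
         (n    (if num (min num room) room)))
    (if (> n 0)
        (read-string! n buf port start)
        0)))

;; Constructed input: 64 characters offered to an 8-character buffer.
(define input (open-input-string (make-string 64 #\A)))
(define buf   (make-string 8 #\space))

;; A caller that used to write (read-string! #f buf input) calls the
;; wrapper instead; the count is capped at (string-length buf).
(define got (bounded-read-string! #f buf input))
(print "read " got " chars into a buffer of length " (string-length buf))

;; The rest of the data is still on the port; the non-destructive
;; read-string allocates its own result, so #f is safe to pass here.
(print "left on port: " (string-length (read-string #f input)))
```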
Created chicken tracking bugs for this issue:
Affects: fedora-all [bug 1012977]
Affects: epel-6 [bug 1012979]
chicken-18.104.22.168-4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.