{"id":"UBUNTU-CVE-2013-4385","details":"Buffer overflow in the \"read-string!\" procedure in the \"extras\" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument.","modified":"2026-04-22T09:23:05.014677Z","published":"2013-10-09T14:54:00Z","upstream":["CVE-2013-4385"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-4385"},{"type":"REPORT","url":"http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2013/09/26/7"},{"type":"REPORT","url":"http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2013-4385"}],"affected":[{"package":{"name":"chicken","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/chicken@4.8.0.5-1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.8.0.5-1"}]}],"versions":["4.8.0.3-3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"chicken-bin","binary_version":"4.8.0.5-1"},{"binary_name":"libchicken6","binary_version":"4.8.0.5-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-4385.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"high"}]}