Peter Bex

**Name of the Vulnerable Software and Affected Versions** Chicken versions prior to 4.8.0.1 **Description** The issue is related to a buffer overflow in the thread scheduler, which can be triggered by opening a file descriptor with a large integer value. This can cause a denial of service, resulting in a crash. **Recommendations** For versions prior to 4.8.0.1, update to version 4.8.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Chicken versions prior to 4.8.0 **Description** The issue arises from improper handling of NUL bytes in certain strings, allowing an attacker to conduct a "poisoned NUL byte attack." **Recommendations** For versions prior to 4.8.0, update to version 4.8.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Chicken versions prior to 4.8.0 **Description** A casting error caused the random number generator to return a constant value on 64-bit platforms. The vendor notes that this function was not used for security purposes and is advertised as being unsuitable for such use. **Recommendations** For versions prior to 4.8.0, update to version 4.8.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Chicken versions prior to 4.8.0.3 **Description** The issue is caused by multiple buffer overflows in certain procedures, including `char-ready`, `tcp-accept-ready`, and `file-select`. This allows attackers to cause a denial of service by opening a file descriptor with a large integer value, resulting in a crash. **Recommendations** For Chicken versions prior to 4.8.0.3, update to a version that includes the complete fix for the issue.

**Name of the Vulnerable Software and Affected Versions** CHICKEN Scheme versions prior to 4.12.1 **Description** The issue is related to an incomplete fix for a previous problem, which allows an algorithmic complexity attack. An attacker can provide crafted input that, when inserted into the symbol table, results in O(n) lookup time, affecting the performance. **Recommendations** For versions prior to 4.12.1, update to version 4.12.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CHICKEN Scheme versions prior to 4.13 **Description** The issue arises from an incorrect "pair?" check in the Scheme "length" procedure, leading to an unsafe pointer dereference. This allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. **Recommendations** For versions prior to 4.13, update to version 4.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ruby versions 1.9.3 before patchlevel 286 Ruby versions 2.0.0 before r37163 **Description** The issue allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. This is due to a problem in the `rb get path check` function in file.c. **Recommendations** For Ruby versions 1.9.3 before patchlevel 286, update to patchlevel 286 or later. For Ruby versions 2.0.0 before r37163, update to r37163 or later.