PT-2014-5492 · Chicken Scheme+1 · Chicken+1
Sethalves · Published 2014-05-20 · Updated 2024-12-05 · CVE-2014-3776
CVSS v2.0: 7.5 High
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
CHICKEN versions 4.8.0.7 and prior to 4.9.1
Description
The issue is related to a buffer overflow in the read-u8vector! procedure within the srfi-4 unit. This can be exploited by remote attackers to cause a denial of service, resulting in memory corruption and application crash. It is also possible for attackers to execute arbitrary code via a #f value in the NUM argument.
Recommendations
For versions 4.8.0.7 and prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the read-u8vector! procedure in the srfi-4 unit to minimize the risk of exploitation. Avoid using the #f value in the NUM argument until the issue is resolved.
Fix
DoS
Buffer Overflow
Affected Products
Alt Linux
Chicken