FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

chicken -- buffer overrun in substring-index[-ci]

Affected packages
chicken < 4.10.0.r1,1


VuXML ID e7b7f2b5-177a-11e5-ad33-f8d111029e6a
Discovery 2015-01-12
Entry 2015-06-22
Modified 2015-06-23

chicken developer Moritz Heidkamp reports:

The substring-index[-ci] procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument.

As a work-around you can switch to SRFI 13's string-contains procedure which also returns the substring's index in case it is found.


CVE Name CVE-2014-9651
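
The work-around quoted above, as an added example (not code from the CHICKEN project or from this advisory): a drop-in shim for CHICKEN 4.x that keeps the `(WHICH WHERE [START])` calling convention of `substring-index` but delegates to SRFI 13. The helper names `checked-substring-index`, `checked-substring-index-ci` and `check-start` are hypothetical. Note that `string-contains` takes the searched string first, so the arguments are swapped.

```scheme
;; Added example, not CHICKEN's own code. Written for CHICKEN 4.x,
;; the release series named under "Affected packages".
(use srfi-13)   ; CHICKEN 4 syntax for loading the SRFI 13 unit

;; Hypothetical helper: reject a START that is not an index into WHERE
;; before any search routine sees it.
(define (check-start loc where start)
  (unless (and (fixnum? start)
               (<= 0 start (string-length where)))
    (error loc "START out of range" start)))

;; Same argument order as substring-index: WHICH is the string searched
;; for, WHERE is the string searched in. string-contains expects the
;; opposite order, so the two are swapped in the call.
(define (checked-substring-index which where #!optional (start 0))
  (check-start 'checked-substring-index where start)
  (string-contains where which start))

;; Case-insensitive variant, replacing substring-index-ci.
(define (checked-substring-index-ci which where #!optional (start 0))
  (check-start 'checked-substring-index-ci where start)
  (string-contains-ci where which start))

;; Constructed sample calls: no START, a positive START, and a miss.
(print (checked-substring-index "bar" "foobarbar"))
(print (checked-substring-index "bar" "foobarbar" 4))
(print (checked-substring-index-ci "BAZ" "foobarbar" 1))
```

Both procedures return the index of the match in WHERE, or `#f` when there is none, so call sites that test the result of `substring-index` for `#f` keep working.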