Unrated severityNVD Advisory· Published May 20, 2014· Updated May 6, 2026

CVE-2014-3776

Description

Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.

Affected products

Call Cc/Chicken2 versions
cpe:2.3:a:call-cc:chicken:4.8.0.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:call-cc:chicken:4.8.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:development_snapshotrange: <=4.9.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

code.call-cc.org/cgi-bin/gitweb.cginvd
lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.htmlnvd
lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.htmlnvd
seclists.org/oss-sec/2014/q2/328nvd
seclists.org/oss-sec/2014/q2/334nvd
www.securityfocus.com/bid/67468nvd
bugs.call-cc.org/ticket/1124nvd
security.gentoo.org/glsa/201612-54nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000