CVE-2014-9651

NameCVE-2014-9651
DescriptionBuffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)
Debian Bugs775346

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chicken (PTS)jessie4.9.0.1-1vulnerable
stretch4.11.0-1fixed
buster, sid4.13.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chickensource(unstable)4.10.0-1high775346

Notes

[jessie] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
[squeeze] - chicken <no-dsa> (Minor issue)
http://www.openwall.com/lists/oss-security/2015/01/12/3
Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt

Search for package or bug name: Reporting problems