CVE-2014-9651

Description

Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

How to fix CVE-2014-9651

To remediate CVE-2014-9651, upgrade the affected package to a fixed version below.

• Debian/chicken—upgrade to 4.10.0-1 or later

Is CVE-2014-9651 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.10.0-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-9651