An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all chicken-bin Scheme versions prior to 4.13,which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.