The string-translate* procedure in the data-structures unit in CHICKEN prior to 4.10.0 allows remote malicious users to cause a denial of service (crash).
call-cc chicken