Vulnerabilities related to call-cc - chicken
Vulnerability from fkie_nvd
Published
2019-11-22 19:15
Modified
2024-11-21 02:14
Severity ?
Summary
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/09/11/6 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/69727 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2014-6310 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/09/11/6 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/69727 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2014-6310 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
call-cc | chicken | 4.9.0 | |
call-cc | chicken | 4.9.0.1 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:4.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3F1ED9F-9706-49DF-9C4A-F0BB738378A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F740C782-8009-47E2-A4BB-56A582A6D41C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the \u0027select\u0027 function." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en CHICKEN versiones 4.9.0 y 4.9.0.1, puede permitir a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de la funci\u00f3n \"select\"." 
} ], "id": "CVE-2014-6310", "lastModified": "2024-11-21T02:14:08.967", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-22T19:15:12.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/11/6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/69727" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-6310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/11/6" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/69727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-6310" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-31 20:15
Modified
2024-11-21 01:50
Severity ?
Summary
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
call-cc | chicken | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCEDFFC6-8C84-43A6-A2F6-3F72689E65B0", "versionEndIncluding": "4.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OS command injection vulnerability in the \"qs\" procedure from the \"utils\" module in Chicken before 4.9.0." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos de Sistema Operativo en el procedimiento \"qs\" del m\u00f3dulo \"utils\" en Chicken versiones anteriores a 4.9.0." 
} ], "id": "CVE-2013-2024", "lastModified": "2024-11-21T01:50:53.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-31T20:15:10.913", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/04/29/13" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/59320" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2013-2024" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html" }, { "source": "secalert@redhat.com", 
"tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2024" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/04/29/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/59320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2013-2024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201612-54" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-12-10 16:15
Modified
2025-04-23 14:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "430CF03D-4979-43DA-9702-56F03889B80E", "versionEndExcluding": "5.3.1", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file." }, { "lang": "es", "value": "egg-compile.scm en CHICKEN 5.x anterior a 5.3.1 permite la ejecuci\u00f3n arbitraria de comandos del Sistema Operativo durante la instalaci\u00f3n del paquete mediante caracteres de escape en un archivo .egg." } ], "id": "CVE-2022-45145", "lastModified": "2025-04-23T14:15:25.353", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2022-12-10T16:15:09.480", "references": [ { "source": "cve@mitre.org", "url": 
"https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3" }, { "source": "cve@mitre.org", "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-09 14:54
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "0662DD4F-12E6-4212-8F34-C0A7BE23834A", "versionEndIncluding": "4.8.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "14F0A8B7-8335-4CCC-87B2-35AAAD50E6A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "067BFF82-278E-4BD3-8FCE-1D04C907161B", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D49A8D83-94E7-4A86-AFB0-1DB9D99BE7B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2845AB8E-BBAB-46FE-91EA-02860CB38C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "854C34A1-F5F9-4678-8000-CAD54CEFAD0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "26DABB00-3A2D-4DF3-86D2-D07169DEADEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E67EC3BC-4D50-4915-BFCD-4676F585547C", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A558EA5B-C4B5-47CB-ADE5-B77FCF671098", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C75418E7-93B1-4394-BE3A-F7516D762684", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A6B4BB0-922E-49B9-9334-F9139CE8773D", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "60F2738E-494D-431A-A81E-7B558752A448", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9859DA9F-D12D-46DF-8D19-9C9E3F1792BF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:call-cc:chicken:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9EF76E3-2C84-46FC-B78B-C64148924E28", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "89B1F8E0-9A46-465D-8279-EF4D467D6197", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "240B3138-ADCF-44C1-95B8-ED6E08155DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D99ED5A6-BF7C-401A-AF52-3AE003A0A248", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "383D5550-78AA-4748-88E6-FEA211B21029", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2769DED2-4D10-409C-9552-756BC64EA631", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAD2B083-C519-4FA4-8208-EC42993B5A2E", "versionEndIncluding": "4.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F0B7EDFF-E2DD-4268-B042-BC4DFA625DED", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "99C0E85E-B7CA-496E-9B4F-04E4778590A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "67A26981-F807-4596-B8BA-11D568DE5EC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "06124B34-833C-46E7-BE98-834360DF6995", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "2E178C01-A8D7-48DB-A0D6-A1FB602F234D", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "C19CB162-8F2A-4B0F-B95E-AF94A865B72E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:call-cc:chicken:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1809AC0-617A-438A-A58D-215C0A92B2E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "7E9EA90A-88C4-456C-9E94-425FB25A43BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F321CF4D-123E-4D36-A8EB-3E34CC6E61EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "40DD3E1F-2E28-41F7-B34F-CFB713F17D5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "E9A63FEF-084E-4E95-8C89-638A7D065045", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "3C7626CF-A02A-4614-8B75-9FEEF7AAA79E", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "6A246F71-5B3F-4C7C-ADCF-4F19BD970198", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A612C5D7-7E95-4733-A700-1926225BC8E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "B171E612-ED30-4C59-A53A-D47E1DC4127C", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "7FFDB88F-7335-4C44-9AE4-E4ADBEDAC7F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "69B9D5F1-CDBA-4F67-8988-0B02D6A06598", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "AF0BB05D-93FD-4193-B979-C43FB60BEC82", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "D83F90D0-7302-4970-B8C6-75DDA3A5ECAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "368E8870-F68C-415E-902F-1A5643CCF7D2", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:call-cc:chicken:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "BA5B4ACA-A601-4C7F-8A90-08F0476F80C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "485D70B6-2595-44D0-82FA-114B80EDC104", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9262F16B-13E3-4EFD-B543-52AD1800D8FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A378A459-4D15-485E-BF89-8C583CE917AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "617A1685-FADE-41AD-8413-EFCC8C5F589E", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "B473E43F-B19F-4FC2-A8D6-9CA0FEBB5BA2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the \"read-string!\" procedure in the \"extras\" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el procedimiento \"read-string!\" en la unidad \"extras\" en el establo CHICKEN en versiones anteriores a 4.8.0.5 e instantaneas de desarrollo en versiones anteriores a 4.8.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar un c\u00f3digo arbitrario a trav\u00e9s de un valor \"#f\" en el argumento NUM." 
} ], "id": "CVE-2013-4385", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-09T14:54:26.577", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55009" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/62690" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201612-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/55009" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-54" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-31 21:15
Modified
2024-11-21 01:45
Severity ?
Summary
A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)."
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/02/08/2 | Mailing List, Patch, Third Party Advisory | |
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2012-6124 | Broken Link | |
secalert@redhat.com | https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html | Mailing List, Patch, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2012-6124 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/02/08/2 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2012-6124 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2012-6124 | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:x64:*", "matchCriteriaId": "F4C63671-C02C-4F84-966F-9DDAA57C742E", "versionEndExcluding": "4.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states \"This function wasn\u0027t used for security purposes (and is advertised as being unsuitable).\"" }, { "lang": "es", "value": "Un error de conversi\u00f3n en Chicken versiones anteriores a 4.8.0, en la plataforma de 64 bits caus\u00f3 que el generador de n\u00fameros aleatorios devolviera un valor constante. NOTA: el proveedor declara \"This function wasn\u0027t used for security purposes (and is advertised as being unsuitable).\"" } ], "id": "CVE-2012-6124", "lastModified": "2024-11-21T01:45:52.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-31T21:15:11.917", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2012-6124" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2012-6124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6124" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Severity ?
Summary
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2B09DD8-3AF5-4A49-89E5-8513C3061955", "versionEndIncluding": "4.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time." }, { "lang": "es", "value": "Debido a una soluci\u00f3n incompleta para el CVE-2012-6125, todas las versiones de CHICKEN Scheme hasta 4.12.0 incluy\u00e9ndola, son vulnerables a un ataque de complejidad algor\u00edtmica. Un atacante puede proporcionar una entrada creada que, cuando sea insertada en la tabla de s\u00edmbolos, resultar\u00e1 en un tiempo de b\u00fasqueda O(n)." } ], "id": "CVE-2017-11343", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": 
"3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:20.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-407" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-10 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/92550 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92550 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "01FC43EF-B98F-4DF2-9286-89CE7D9BE8DD", "versionEndIncluding": "4.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"process-execute\" and \"process-spawn\" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released)." }, { "lang": "es", "value": "Los procedimientos \"process-execute\" y \"process-spawn\" no liberan correctamente la memoria cuando falla la llamada execve(), resultando en una perdida de memoria. Esto podr\u00eda ser aprovechado por un atacante para provocar un agotamiento de recursos o una denegaci\u00f3n de servicio. Esto afecta a todas las versi\u00f3n de CHICKEN hasta la 4.11 inclusive (esto ser\u00e1 fijado en la versi\u00f3n 4.12 y 5.0, que a\u00fan no se ha liberado)." 
} ], "id": "CVE-2016-6831", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-10T15:59:00.470", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92550" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-31 21:15
Modified
2024-11-21 01:45
Severity ?
Summary
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "350907F1-95D3-4C33-8A87-758C74AC53C7", "versionEndExcluding": "4.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions." }, { "lang": "es", "value": "Chicken versiones anteriores a 4.8.0, es susceptible a ataques de complejidad algor\u00edtmica relacionados con colisiones de tablas hash." } ], "id": "CVE-2012-6125", "lastModified": "2024-11-21T01:45:52.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-31T21:15:11.980", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "source": "secalert@redhat.com", "tags": [ 
"Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2012-6125" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2012-6125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6125" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-29 22:55
Modified
2025-04-12 10:46
Severity ?
Summary
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
call-cc | chicken | * | |
call-cc | chicken | 4.8.0 | |
call-cc | chicken | 4.8.0 | |
call-cc | chicken | 4.8.0 | |
call-cc | chicken | 4.8.0 | |
call-cc | chicken | 4.8.0 | |
call-cc | chicken | 4.8.0.1 | |
call-cc | chicken | 4.8.0.2 | |
call-cc | chicken | 4.8.0.3 | |
call-cc | chicken | 4.8.0.4 | |
call-cc | chicken | 4.8.0.5 | |
call-cc | chicken | 4.8.0.6 | |
call-cc | chicken | 4.8.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAD2B083-C519-4FA4-8208-EC42993B5A2E", "versionEndIncluding": "4.8.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "240B3138-ADCF-44C1-95B8-ED6E08155DEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9262F16B-13E3-4EFD-B543-52AD1800D8FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A378A459-4D15-485E-BF89-8C583CE917AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "617A1685-FADE-41AD-8413-EFCC8C5F589E", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "B473E43F-B19F-4FC2-A8D6-9CA0FEBB5BA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D99ED5A6-BF7C-401A-AF52-3AE003A0A248", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "383D5550-78AA-4748-88E6-FEA211B21029", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2769DED2-4D10-409C-9552-756BC64EA631", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB18E691-ACA3-493F-AF3A-A1B14CE700C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C91E7D8F-BC2F-4601-B6F0-012A1C911F1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B12FDD19-0C1B-4C65-A3AF-C812969913F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E44A5135-7525-4209-8AF0-2F37581A46D6", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory." }, { "lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en csi en Chicken anterior a 4.8.2 permite a usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de un .csirc de caballo de troya en el directorio de trabajos actual." } ], "evaluatorComment": "\u003ca href = http://cwe.mitre.org/data/definitions/426.html\u003e CWE-426: Untrusted Search Path \u003c/a\u003e", "id": "CVE-2013-1874", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-09-29T22:55:05.957", "references": [ { "source": "secalert@redhat.com", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blob%3Bf=NEWS%3Bh=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd%3Bhb=c6750af99ada7fa4815ee834e4e705bcfac9c137" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q1/692" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/91520" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/58583" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blob%3Bf=NEWS%3Bh=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd%3Bhb=c6750af99ada7fa4815ee834e4e705bcfac9c137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q1/692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/91520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58583" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85065" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-10 15:59
Modified
2025-04-20 01:37
Severity ?
Summary
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/92550 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92550 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "01FC43EF-B98F-4DF2-9286-89CE7D9BE8DD", "versionEndIncluding": "4.11.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"process-execute\" and \"process-spawn\" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released)." }, { "lang": "es", "value": "Los procedimientos \"process-execute\" y \"process-spawn\" en CHICKEN Scheme utilizaron b\u00fafers de tama\u00f1o fijo para mantener los argumentos y las variables de entorno para usar en su llamada execve(). Esto podr\u00eda permitir que las listas de variable de argumento/entorno suministradas por el usuario desencadenaran un desbordamiento de b\u00fafer. Esto afecta a todas las versiones de CHICKEN hasta la 4.11 inclusive (esto ser\u00e1 fijado en la versi\u00f3n 4.12 y 5.0, que a\u00fan no se han liberado)." 
} ], "id": "CVE-2016-6830", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-10T15:59:00.457", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92550" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-31 21:15
Modified
2024-11-21 01:50
Severity ?
Summary
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B74ED03-6FB8-48C3-9DE4-BAD8309E14E2", "versionEndIncluding": "4.8.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122." }, { "lang": "es", "value": "M\u00faltiples desbordamientos del b\u00fafer en los procedimientos (1) R5RS char-ready, (2) tcp-accept-ready y (3) file-select en Chicken versiones hasta 4.8.0.3, permiten a atacantes causar una denegaci\u00f3n de servicio (bloqueo) mediante la apertura de un descriptor de archivo con un valor entero grande. NOTA: este problema se presenta debido a una soluci\u00f3n incompleta para CVE-2012-6122." 
} ], "id": "CVE-2013-2075", "lastModified": "2024-11-21T01:50:59.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-31T21:15:12.060", "references": [ { "source": "secalert@redhat.com", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=556108092774086b6c86c2e27daf3f740ffec091" }, { "source": "secalert@redhat.com", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=766056cd5f26b1d529405705449cb534609c113f" }, { "source": "secalert@redhat.com", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/11/3" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/59758" }, { 
"source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84188" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=556108092774086b6c86c2e27daf3f740ffec091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=766056cd5f26b1d529405705449cb534609c113f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/11/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/59758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2075" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-29 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "13EF1BE2-AE34-4250-93D6-8DCBA026F7C5", "versionEndIncluding": "4.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)." }, { "lang": "es", "value": "El procedimiento string-translate* en la unidad de estructuras de datos CHICKEN en versiones anteriores a 4.10.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda)." } ], "id": "CVE-2015-4556", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-29T14:59:00.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2015/q2/712" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/97293" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2015/q2/712" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/97293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-54" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-06-01 05:29
Modified
2025-04-20 01:37
Severity ?
Summary
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html | Patch, Third Party Advisory | |
cve@mitre.org | http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2B09DD8-3AF5-4A49-89E5-8513C3061955", "versionEndIncluding": "4.12.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An incorrect \"pair?\" check in the Scheme \"length\" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls \"length\" on it." }, { "lang": "es", "value": "Un chequeo de \"pair\" incorrecto en el procedimiento \"lenght\" de Scheme resulta en una desreferencia de puntero insegura en todas las versiones de CHICKEN Scheme anteriores a 4.13, lo que permite a un atacante causar una denegaci\u00f3n de servicio pasando una lista incorrecta a una aplicaci\u00f3n que llama a \"length\"." } ], "id": "CVE-2017-9334", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, 
"exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-06-01T05:29:00.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-28 21:59
Modified
2025-04-12 10:46
Summary
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci]" procedures.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:4.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3F1ED9F-9706-49DF-9C4A-F0BB738378A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F740C782-8009-47E2-A4BB-56A582A6D41C", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "75893A5E-754A-4882-B381-B2761BDF68ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the \"substring-index[-ci] procedures.\"" }, { "lang": "es", "value": "Vulnerabilidad de desbordamiento de Buffer en CHICKEN 4.9.0.x en versiones anteriores a 4.9.0.2, 4.9.x en versiones anteriores a 4.9.1 y en versiones anteriores a 5.0, permite a atacantes tener un impacto no especificado a trav\u00e9s de un argumento START positivo a \u0027substring-index[-ci] procedures\u0027." 
} ], "id": "CVE-2014-9651", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-28T21:59:00.090", "references": [ { "source": "cve@mitre.org", "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-users/2015-01/msg00048.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72011" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.nongnu.org/archive/html/chicken-users/2015-01/msg00048.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-54" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-20 14:55
Modified
2025-04-12 10:46
Summary
Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:development_snapshot", "matchCriteriaId": "9F4893E4-745C-44E9-9FD5-D9478BD44006", "versionEndIncluding": "4.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:call-cc:chicken:4.8.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E44A5135-7525-4209-8AF0-2F37581A46D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the \"read-u8vector!\" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument." }, { "lang": "es", "value": "Desbordamiento de buffer en el procedimiento \u0027read-u8vector!\u0027 en la unidad srfi-4 en CHICKEN Stable 4.8.0.7 y Development Snapshots anterior a 4.9.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor \u0027#f\u0027 en el argumento NUM." 
} ], "id": "CVE-2014-3776", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-20T14:55:07.053", "references": [ { "source": "cve@mitre.org", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commit%3Bh=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e" }, { "source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/328" }, { "source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/334" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67468" }, { "source": "cve@mitre.org", "url": "https://bugs.call-cc.org/ticket/1124" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201612-54" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commit%3Bh=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.call-cc.org/ticket/1124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201612-54" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-16 17:59
Modified
2025-04-20 01:37
Summary
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/97317 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97317 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:4.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "097E61E7-AD53-4A7F-B471-D4FDF8C168B1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow." }, { "lang": "es", "value": "Se ha descubierto un problema en CHICKEN Scheme hasta la versi\u00f3n 4.12.0. Cuando se utiliza una extensi\u00f3n CHICKEN-specific no est\u00e1ndar para ubicar un vector SRFI-4 en memoria no administrada, el tama\u00f1o del vector se usar\u00eda de forma no analizada como un argumento a malloc(). Con un tama\u00f1o inesperado, el impacto puede haber sido un segfault o desbordamiento de b\u00fafer." 
} ], "id": "CVE-2017-6949", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-16T17:59:00.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/97317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/97317" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-31 21:15
Modified
2024-11-21 01:45
Summary
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte" attack.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/02/08/2 | Mailing List, Third Party Advisory | |
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2012-6123 | Broken Link | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2012-6123 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/02/08/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2012-6123 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2012-6123 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
call-cc | chicken | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "350907F1-95D3-4C33-8A87-758C74AC53C7", "versionEndExcluding": "4.8.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct \"poisoned NUL byte attack.\"" }, { "lang": "es", "value": "Chicken versiones anteriores a 4.8.0, no maneja apropiadamente los bytes NUL en determinadas cadenas, lo que permite a un atacante conducir un \"poisoned NUL byte attack.\"" } ], "id": "CVE-2012-6123", "lastModified": "2024-11-21T01:45:52.293", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-31T21:15:11.857", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2012-6123" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2012-6123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6123" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-31 21:15
Modified
2024-11-21 01:45
Summary
Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "53B8C3E6-C2B4-44DB-9E02-8D1F89B082CB", "versionEndExcluding": "4.8.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en el programador de subprocesos (hilos) en Chicken versiones anteriores a 4.8.0.1, permite a atacantes causar una denegaci\u00f3n de servicio (bloqueo) mediante la apertura de un descriptor de archivo con un valor entero grande." } ], "id": "CVE-2012-6122", "lastModified": "2024-11-21T01:45:52.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-31T21:15:11.763", "references": [ { "source": 
"secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Release Notes", "Third Party Advisory" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/08/3" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/09/1" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2012-6122" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Release Notes", "Third Party Advisory" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/08/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": 
"http://www.openwall.com/lists/oss-security/2013/05/09/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "https://access.redhat.com/security/cve/cve-2012-6122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6122" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2012-6124 (GCVE-0-2012-6124)
Vulnerability from cvelistv5
Published
2019-10-31 20:38
Modified
2024-08-06 21:28
CWE
- Type-Check
Summary
A casting error in Chicken before 4.8.0 on 64-bit platforms caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)."
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2013/02/08/2 | x_refsource_MISC | |
https://security-tracker.debian.org/tracker/CVE-2012-6124 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2012-6124 | x_refsource_MISC | |
https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6124" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2012-6124" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "chicken", "vendor": "chicken", "versions": [ { "status": "affected", "version": "before 4.8.0" } ] } ], "datePublic": "2012-02-29T00:00:00", "descriptions": [ { "lang": "en", "value": "A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. 
NOTE: the vendor states \"This function wasn\u0027t used for security purposes (and is advertised as being unsuitable).\"" } ], "problemTypes": [ { "descriptions": [ { "description": "Type-Check", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-31T20:38:43", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6124" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2012-6124" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6124", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "chicken", "version": { "version_data": [ { "version_value": "before 4.8.0" } ] } } ] }, "vendor_name": "chicken" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. 
NOTE: the vendor states \"This function wasn\u0027t used for security purposes (and is advertised as being unsuitable).\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Type-Check" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.openwall.com/lists/oss-security/2013/02/08/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2012-6124", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2012-6124" }, { "name": "https://access.redhat.com/security/cve/cve-2012-6124", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2012-6124" }, { "name": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html", "refsource": "CONFIRM", "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6124", "datePublished": "2019-10-31T20:38:43", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-6949 (GCVE-0-2017-6949)
Vulnerability from cvelistv5
Published
2017-03-16 17:00
Modified
2024-08-05 15:49
CWE
- n/a
Summary
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/97317 | vdb-entry, x_refsource_BID | |
http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:49:02.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97317", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97317" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-16T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-04-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "97317", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97317" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "97317", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97317" }, { "name": "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html", "refsource": "CONFIRM", "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6949", "datePublished": "2017-03-16T17:00:00", "dateReserved": "2017-03-16T00:00:00", "dateUpdated": "2024-08-05T15:49:02.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-9334 (GCVE-0-2017-9334)
Vulnerability from cvelistv5
Published
2017-06-01 04:53
Modified
2024-08-05 17:02
CWE
- n/a
Summary
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.
References
▼ | URL | Tags |
---|---|---|
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html | x_refsource_CONFIRM | |
http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-31T00:00:00", "descriptions": [ { "lang": "en", "value": "An incorrect \"pair?\" check in the Scheme \"length\" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls \"length\" on it." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-01T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9334", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An incorrect \"pair?\" check in the Scheme \"length\" 
procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls \"length\" on it." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html", "refsource": "CONFIRM", "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html" }, { "name": "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html", "refsource": "CONFIRM", "url": "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9334", "datePublished": "2017-06-01T04:53:00", "dateReserved": "2017-05-31T00:00:00", "dateUpdated": "2024-08-05T17:02:44.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2075 (GCVE-0-2013-2075)
Vulnerability from cvelistv5
Published
2019-10-31 20:38
Modified
2024-08-06 15:27
CWE
- Buffer Overflow
Summary
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:40.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/11/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2075" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/59758" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84188" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=556108092774086b6c86c2e27daf3f740ffec091" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=766056cd5f26b1d529405705449cb534609c113f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "chicken", "vendor": "chicken", "versions": [ { "status": "affected", "version": "through 4.8.0.3" } ] } ], "datePublic": "2013-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-31T20:38:26", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/11/3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2075" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/59758" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84188" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=556108092774086b6c86c2e27daf3f740ffec091" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=766056cd5f26b1d529405705449cb534609c113f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2075", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "chicken", "version": { "version_data": [ { "version_value": "through 4.8.0.3" } ] } } ] }, "vendor_name": "chicken" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a 
large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.openwall.com/lists/oss-security/2013/05/11/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/05/11/3" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2013-2075", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2013-2075" }, { "name": "http://www.securityfocus.com/bid/59758", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/59758" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84188", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84188" }, { "name": "https://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html", "refsource": "CONFIRM", "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-05/msg00000.html" }, { "name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7", "refsource": "CONFIRM", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7" }, { "name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091", "refsource": "CONFIRM", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=556108092774086b6c86c2e27daf3f740ffec091" }, { "name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=766056cd5f26b1d529405705449cb534609c113f", "refsource": "CONFIRM", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=766056cd5f26b1d529405705449cb534609c113f" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", 
"assignerShortName": "redhat", "cveId": "CVE-2013-2075", "datePublished": "2019-10-31T20:38:26", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:40.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3776 (GCVE-0-2014-3776)
Vulnerability from cvelistv5
Published
2014-05-20 14:00
Modified
2024-08-06 10:57
CWE
- n/a
Summary
Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/67468 | vdb-entry, x_refsource_BID | |
http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html | mailing-list, x_refsource_MLIST | |
https://bugs.call-cc.org/ticket/1124 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2014/q2/334 | mailing-list, x_refsource_MLIST | |
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commit%3Bh=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201612-54 | vendor-advisory, x_refsource_GENTOO | |
http://seclists.org/oss-sec/2014/q2/328 | mailing-list, x_refsource_MLIST | |
http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:16.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "67468", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67468" }, { "name": "[Chicken-hackers] 20140517 [PATCH] Bound read-u8vector! to dest vector\u0027s size when no length is given", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.call-cc.org/ticket/1124" }, { "name": "[oss-security] 20140519 Re: CVE request for buffer overrun in CHICKEN Scheme", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/334" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commit%3Bh=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e" }, { "name": "GLSA-201612-54", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "[oss-security] 20140518 CVE request for buffer overrun in CHICKEN Scheme", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q2/328" }, { "name": "[chicken-announce] 20140518 [SECURITY] Buffer-overrun in some uses of read-u8vect", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the \"read-u8vector!\" procedure in the srfi-4 unit in 
CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "67468", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67468" }, { "name": "[Chicken-hackers] 20140517 [PATCH] Bound read-u8vector! to dest vector\u0027s size when no length is given", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.call-cc.org/ticket/1124" }, { "name": "[oss-security] 20140519 Re: CVE request for buffer overrun in CHICKEN Scheme", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/334" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commit%3Bh=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e" }, { "name": "GLSA-201612-54", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "[oss-security] 20140518 CVE request for buffer overrun in CHICKEN Scheme", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q2/328" }, { "name": "[chicken-announce] 20140518 [SECURITY] Buffer-overrun in some uses of read-u8vect", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3776", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the \"read-u8vector!\" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "67468", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67468" }, { "name": "[Chicken-hackers] 20140517 [PATCH] Bound read-u8vector! to dest vector\u0027s size when no length is given", "refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html" }, { "name": "https://bugs.call-cc.org/ticket/1124", "refsource": "CONFIRM", "url": "https://bugs.call-cc.org/ticket/1124" }, { "name": "[oss-security] 20140519 Re: CVE request for buffer overrun in CHICKEN Scheme", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/334" }, { "name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e", "refsource": "CONFIRM", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e" }, { "name": "GLSA-201612-54", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "[oss-security] 20140518 CVE request for buffer overrun in CHICKEN Scheme", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/328" }, { "name": "[chicken-announce] 20140518 [SECURITY] Buffer-overrun in some uses of read-u8vect", 
"refsource": "MLIST", "url": "http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3776", "datePublished": "2014-05-20T14:00:00", "dateReserved": "2014-05-19T00:00:00", "dateUpdated": "2024-08-06T10:57:16.155Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-4556 (GCVE-0-2015-4556)
Vulnerability from cvelistv5
Published
2017-03-29 14:00
Modified
2024-08-06 06:18
CWE
- n/a
Summary
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1231871 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2015/q2/712 | mailing-list, x_refsource_MLIST | |
http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html | mailing-list, x_refsource_MLIST | |
http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201612-54 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/97293 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:18:11.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871" }, { "name": "[oss-security] 20150615 Re: CVE request for buffer overrun in CHICKEN Scheme\u0027s string-translate* procedure", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2015/q2/712" }, { "name": "[chicken-hackers] 20150614 [Chicken-hackers] [PATCH] [SECURITY] Fix buffer overrun in string-translate*", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html" }, { "name": "[chicken-announce] 20150615 [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html" }, { "name": "GLSA-201612-54", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "97293", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871" }, { "name": "[oss-security] 20150615 Re: CVE request for buffer overrun in CHICKEN Scheme\u0027s string-translate* procedure", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2015/q2/712" }, { "name": "[chicken-hackers] 20150614 [Chicken-hackers] [PATCH] [SECURITY] Fix buffer overrun in string-translate*", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html" }, { "name": "[chicken-announce] 20150615 [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html" }, { "name": "GLSA-201612-54", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "97293", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97293" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4556", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231871" }, { "name": "[oss-security] 20150615 Re: CVE request for buffer overrun in CHICKEN Scheme\u0027s string-translate* procedure", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2015/q2/712" }, { "name": "[chicken-hackers] 20150614 [Chicken-hackers] [PATCH] [SECURITY] Fix buffer overrun in string-translate*", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html" }, { "name": "[chicken-announce] 20150615 [Chicken-announce] [SECURITY] Potential buffer overrun in string-translate*", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html" }, { "name": "GLSA-201612-54", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "97293", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97293" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4556", "datePublished": "2017-03-29T14:00:00", "dateReserved": "2015-06-15T00:00:00", "dateUpdated": "2024-08-06T06:18:11.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-45145 (GCVE-0-2022-45145)
Vulnerability from cvelistv5
Published
2022-12-10 00:00
Modified
2025-04-23 13:54
CWE
- n/a
Summary
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:09:56.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9" }, { "tags": [ "x_transferred" ], "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-45145", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T13:54:47.589803Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-23T13:54:51.643Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": 
"CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-10T00:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html" }, { "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9" }, { "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45145", "datePublished": "2022-12-10T00:00:00.000Z", "dateReserved": "2022-11-11T00:00:00.000Z", "dateUpdated": "2025-04-23T13:54:51.643Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2024 (GCVE-0-2013-2024)
Vulnerability from cvelistv5
Published
2019-10-31 19:57
Modified
2024-08-06 15:20
CWE
- Metacharacters
Summary
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
References
URL | Tags | |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2013-2024 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2013-2024 | x_refsource_MISC | |
http://www.securityfocus.com/bid/59320 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/04/29/13 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/85064 | x_refsource_MISC | |
https://security.gentoo.org/glsa/201612-54 | x_refsource_MISC | |
https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:37.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2024" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2013-2024" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/59320" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/04/29/13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "chicken", "vendor": "chicken", "versions": [ { "status": "affected", "version": "before 4.9.0" } ] } ], "datePublic": "2013-04-21T00:00:00", "descriptions": [ { "lang": "en", "value": "OS command injection vulnerability in the \"qs\" procedure from the \"utils\" module in Chicken before 4.9.0." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Metacharacters", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-31T19:57:23", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2024" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2013-2024" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/59320" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/04/29/13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "chicken", "version": { "version_data": [ { "version_value": "before 4.9.0" } ] } } ] }, "vendor_name": "chicken" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OS command injection vulnerability in the \"qs\" procedure from the \"utils\" module in Chicken before 4.9.0." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Metacharacters" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2013-2024", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2013-2024" }, { "name": "https://access.redhat.com/security/cve/cve-2013-2024", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2013-2024" }, { "name": "http://www.securityfocus.com/bid/59320", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/59320" }, { "name": "http://www.openwall.com/lists/oss-security/2013/04/29/13", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/04/29/13" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85064" }, { "name": "https://security.gentoo.org/glsa/201612-54", "refsource": "MISC", "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html", "refsource": "CONFIRM", "url": "https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2024", "datePublished": "2019-10-31T19:57:23", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6122 (GCVE-0-2012-6122)
Vulnerability from cvelistv5
Published
2019-10-31 20:38
Modified
2024-08-06 21:28
CWE
- Buffer Overflow
Summary
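Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. [Editor's note: the structured "affected" entry in the record below lists version "4.8.0.1" itself rather than a "before 4.8.0.1" range, so tooling that matches on that field may not agree with this description. CVE-2013-2075 on this page also describes the fix for this issue as incomplete, with Chicken through 4.8.0.3 affected.]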
References
URL | Tags | |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2012-6122 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2012-6122 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/02/08/2 | x_refsource_MISC | |
http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/05/08/3 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/05/09/1 | x_refsource_MISC | |
https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html | x_refsource_CONFIRM | |
https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.421Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2012-6122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/08/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/09/1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "chicken", "vendor": "chicken", "versions": [ { "status": "affected", "version": "4.8.0.1" } ] } ], "datePublic": "2012-06-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-31T20:38:34", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6122" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2012-6122" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/08/3" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/09/1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6122", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "chicken", "version": { "version_data": [ { "version_value": "4.8.0.1" } ] } } ] }, "vendor_name": "chicken" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2012-6122", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2012-6122" }, { "name": "https://access.redhat.com/security/cve/cve-2012-6122", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2012-6122" }, { "name": "http://www.openwall.com/lists/oss-security/2013/02/08/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "name": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html", "refsource": "MISC", "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "name": "http://www.openwall.com/lists/oss-security/2013/05/08/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/05/08/3" }, { "name": "http://www.openwall.com/lists/oss-security/2013/05/09/1", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/05/09/1" }, { "name": "https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html", "refsource": "CONFIRM", "url": "https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html" }, { "name": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html", "refsource": "CONFIRM", "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6122", "datePublished": "2019-10-31T20:38:34", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1874 (GCVE-0-2013-1874)
Vulnerability from cvelistv5
Published
2014-09-29 22:00
Modified
2024-08-06 15:20
CWE
- n/a
Summary
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.
References
▼ | URL | Tags |
---|---|---|
http://www.osvdb.org/91520 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/85065 | vdb-entry, x_refsource_XF | |
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blob%3Bf=NEWS%3Bh=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd%3Bhb=c6750af99ada7fa4815ee834e4e705bcfac9c137 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/58583 | vdb-entry, x_refsource_BID | |
http://seclists.org/oss-sec/2013/q1/692 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:20:37.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91520", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/91520" }, { "name": "chicken-cve20131874-csirc-code-execution(85065)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blob%3Bf=NEWS%3Bh=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd%3Bhb=c6750af99ada7fa4815ee834e4e705bcfac9c137" }, { "name": "58583", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58583" }, { "name": "[oss-security] 20130319 Untrusted startup file inclusion in Chicken Scheme", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q1/692" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "91520", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/91520" }, { "name": "chicken-cve20131874-csirc-code-execution(85065)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blob%3Bf=NEWS%3Bh=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd%3Bhb=c6750af99ada7fa4815ee834e4e705bcfac9c137" }, { "name": "58583", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58583" }, { "name": "[oss-security] 20130319 Untrusted startup file inclusion in Chicken Scheme", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q1/692" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1874", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "91520", "refsource": "OSVDB", "url": "http://www.osvdb.org/91520" }, { "name": "chicken-cve20131874-csirc-code-execution(85065)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85065" }, { "name": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd;hb=c6750af99ada7fa4815ee834e4e705bcfac9c137", "refsource": "CONFIRM", "url": "http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd;hb=c6750af99ada7fa4815ee834e4e705bcfac9c137" }, { "name": "58583", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58583" }, { "name": "[oss-security] 20130319 Untrusted startup file inclusion in Chicken Scheme", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q1/692" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1874", "datePublished": "2014-09-29T22:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.025Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9651 (GCVE-0-2014-9651)
Vulnerability from cvelistv5
Published
2015-08-28 20:57
Modified
2024-08-06 13:47
CWE
- n/a
Summary
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci]" procedures.
References
▼ | URL | Tags |
---|---|---|
http://lists.nongnu.org/archive/html/chicken-users/2015-01/msg00048.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201612-54 | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/72011 | vdb-entry, x_refsource_BID | |
http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[Chicken-users] 20150112 [SECURITY] Fix buffer overrun in substring-index[-ci]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-users/2015-01/msg00048.html" }, { "name": "GLSA-201612-54", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "72011", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72011" }, { "name": "[Chicken-hackers] 20141214 [PATCH] Fix buffer overrun in substring-index[-ci]", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the \"substring-index[-ci] procedures.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[Chicken-users] 20150112 [SECURITY] Fix buffer overrun in substring-index[-ci]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.nongnu.org/archive/html/chicken-users/2015-01/msg00048.html" }, { "name": "GLSA-201612-54", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": 
"https://security.gentoo.org/glsa/201612-54" }, { "name": "72011", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72011" }, { "name": "[Chicken-hackers] 20141214 [PATCH] Fix buffer overrun in substring-index[-ci]", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9651", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the \"substring-index[-ci] procedures.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[Chicken-users] 20150112 [SECURITY] Fix buffer overrun in substring-index[-ci]", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/chicken-users/2015-01/msg00048.html" }, { "name": "GLSA-201612-54", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "72011", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72011" }, { "name": "[Chicken-hackers] 20141214 [PATCH] Fix buffer overrun in substring-index[-ci]", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9651", "datePublished": "2015-08-28T20:57:00", "dateReserved": "2015-01-28T00:00:00", 
"dateUpdated": "2024-08-06T13:47:41.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-11343 (GCVE-0-2017-11343)
Vulnerability from cvelistv5
Published
2017-07-16 21:00
Modified
2024-08-05 18:05
CWE
- n/a
Summary
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.
References
▼ | URL | Tags |
---|---|---|
http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:05:30.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-16T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11343", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html", "refsource": "CONFIRM", "url": "http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-11343", "datePublished": "2017-07-16T21:00:00", "dateReserved": "2017-07-16T00:00:00", "dateUpdated": "2024-08-05T18:05:30.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-6831 (GCVE-0-2016-6831)
Vulnerability from cvelistv5
Published
2017-01-10 15:00
Modified
2024-08-06 01:43
CWE
- n/a
Summary
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/92550 | vdb-entry, x_refsource_BID | |
http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:37.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "92550", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92550" }, { "name": "[chicken-announce] 20160812 [SECURITY] Buffer overrun in process-execute and process-spawn", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"process-execute\" and \"process-spawn\" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-10T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "92550", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92550" }, { "name": "[chicken-announce] 20160812 [SECURITY] Buffer overrun in process-execute and process-spawn", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6831", "datePublished": "2017-01-10T15:00:00", "dateReserved": "2016-08-17T00:00:00", "dateUpdated": "2024-08-06T01:43:37.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-6830 (GCVE-0-2016-6830)
Vulnerability from cvelistv5
Published
2017-01-10 15:00
Modified
2024-08-06 01:43
CWE
- n/a
Summary
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/92550 | vdb-entry, x_refsource_BID | |
http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "92550", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92550" }, { "name": "[chicken-announce] 20160812 [SECURITY] Buffer overrun in process-execute and process-spawn", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"process-execute\" and \"process-spawn\" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-10T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "92550", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92550" }, { "name": "[chicken-announce] 20160812 [SECURITY] Buffer overrun in process-execute and process-spawn", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6830", "datePublished": "2017-01-10T15:00:00", "dateReserved": "2016-08-17T00:00:00", "dateUpdated": "2024-08-06T01:43:38.181Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-6310 (GCVE-0-2014-6310)
Vulnerability from cvelistv5
Published
2019-11-22 18:07
Modified
2024-08-06 12:10
CWE
- n/a
Summary
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2014-6310 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2014/09/11/6 | x_refsource_MISC | |
http://www.securityfocus.com/bid/69727 | x_refsource_MISC | |
https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:13.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-6310" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/11/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69727" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the \u0027select\u0027 function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-22T18:07:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2014-6310" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2014/09/11/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/69727" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6310", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the \u0027select\u0027 function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2014-6310", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2014-6310" }, { "name": "http://www.openwall.com/lists/oss-security/2014/09/11/6", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2014/09/11/6" }, { "name": "http://www.securityfocus.com/bid/69727", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/69727" }, { "name": "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html", "refsource": "CONFIRM", "url": "https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6310", "datePublished": "2019-11-22T18:07:36", "dateReserved": "2014-09-11T00:00:00", "dateUpdated": "2024-08-06T12:10:13.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6123 (GCVE-0-2012-6123)
Vulnerability from cvelistv5
Published
2019-10-31 20:38
Modified
2024-08-06 21:28
CWE
- Other
Summary
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte" attack.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2012-6123 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2012-6123 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/02/08/2 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.385Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6123" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2012-6123" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "chicken", "vendor": "chicken", "versions": [ { "status": "affected", "version": "before 4.8.0" } ] } ], "datePublic": "2012-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct \"poisoned NUL byte attack.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-31T20:38:39", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6123" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2012-6123" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6123", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "chicken", "version": { "version_data": [ { "version_value": "before 4.8.0" } ] } } ] }, "vendor_name": "chicken" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Chicken before 4.8.0 
does not properly handle NUL bytes in certain strings, which allows an attacker to conduct \"poisoned NUL byte attack.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2012-6123", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2012-6123" }, { "name": "https://access.redhat.com/security/cve/cve-2012-6123", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2012-6123" }, { "name": "http://www.openwall.com/lists/oss-security/2013/02/08/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6123", "datePublished": "2019-10-31T20:38:39", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4385 (GCVE-0-2013-4385)
Vulnerability from cvelistv5
Published
2013-10-09 14:44
Modified
2024-08-06 16:45
CWE
- n/a
Summary
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/62690 | vdb-entry, x_refsource_BID | |
http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html | mailing-list, x_refsource_MLIST | |
http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html | mailing-list, x_refsource_MLIST | |
http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/201612-54 | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/55009 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:12.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "62690", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/62690" }, { "name": "[chicken-announce] 20130927 Re: [SECURITY] Buffer overrun in some uses of read-string! procedure from \"extras\"", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html" }, { "name": "[chicken-announce] 20130926 [SECURITY] Buffer overrun in some uses of read-string! procedure from \"extras\"", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html" }, { "name": "[chicken-announce] 20131003 Chicken 4.8.0.5 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "name": "GLSA-201612-54", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "55009", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-09-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the \"read-string!\" procedure in the \"extras\" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a \"#f\" value in the NUM argument." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "62690", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/62690" }, { "name": "[chicken-announce] 20130927 Re: [SECURITY] Buffer overrun in some uses of read-string! procedure from \"extras\"", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html" }, { "name": "[chicken-announce] 20130926 [SECURITY] Buffer overrun in some uses of read-string! procedure from \"extras\"", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html" }, { "name": "[chicken-announce] 20131003 Chicken 4.8.0.5 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html" }, { "name": "GLSA-201612-54", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201612-54" }, { "name": "55009", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55009" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4385", "datePublished": "2013-10-09T14:44:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:12.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6125 (GCVE-0-2012-6125)
Vulnerability from cvelistv5
Published
2019-10-31 20:38
Modified
2024-08-06 21:28
CWE
- Other
Summary
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2013/02/08/2 | x_refsource_MISC | |
https://security-tracker.debian.org/tracker/CVE-2012-6125 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2012-6125 | x_refsource_MISC | |
https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html | x_refsource_CONFIRM | |
https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.307Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6125" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2012-6125" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "chicken", "vendor": "chicken", "versions": [ { "status": "affected", "version": "before 4.8.0" } ] } ], "datePublic": "2012-01-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-31T20:38:48", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-6125" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2012-6125" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6125", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "chicken", "version": { "version_data": [ { "version_value": "before 4.8.0" } ] } } ] }, "vendor_name": "chicken" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.openwall.com/lists/oss-security/2013/02/08/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/02/08/2" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2012-6125", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2012-6125" }, { "name": "https://access.redhat.com/security/cve/cve-2012-6125", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2012-6125" }, { "name": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html", "refsource": "CONFIRM", "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html" }, { "name": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html", "refsource": "CONFIRM", "url": "https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6125", "datePublished": "2019-10-31T20:38:48", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.307Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }