Vulnerability Details : CVE-2013-1874
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2013-1874
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-1874
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST |
References for CVE-2013-1874
-
http://www.securityfocus.com/bid/58583
Chicken '.csirc' File Local Arbitrary Code Execution Vulnerability
-
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd;hb=c6750af99ada7fa4815ee834e4e705bcfac9c137
code.call-cc.org Git - chicken-core.git/blob - NEWS
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/85065
CHICKEN .csirc file code execution CVE-2013-1874 Vulnerability Report
-
http://seclists.org/oss-sec/2013/q1/692
oss-sec: Untrusted startup file inclusion in Chicken Scheme
Products affected by CVE-2013-1874
- cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:call-cc:chicken:4.8.0:*:*:*:*:*:*:*