egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
Max CVSS
9.8
EPSS Score
0.24%
Published
2022-12-10
Updated
2022-12-13
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.
Max CVSS
8.1
EPSS Score
0.24%
Published
2017-03-16
Updated
2017-04-05
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
Max CVSS
9.8
EPSS Score
0.22%
Published
2017-01-10
Updated
2017-01-11
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
Max CVSS
9.8
EPSS Score
2.42%
Published
2019-11-22
Updated
2020-08-18
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122.
Max CVSS
8.8
EPSS Score
2.62%
Published
2019-10-31
Updated
2019-11-06
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
Max CVSS
9.0
EPSS Score
0.41%
Published
2019-10-31
Updated
2020-08-18
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
Max CVSS
9.8
EPSS Score
0.36%
Published
2019-10-31
Updated
2019-11-05
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!