CVE-2013-2024
https://notcve.org/view.php?id=CVE-2013-2024
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. Una vulnerabilidad de inyección de comandos de Sistema Operativo en el procedimiento "qs" del módulo "utils" en Chicken versiones anteriores a 4.9.0. • http://www.openwall.com/lists/oss-security/2013/04/29/13 http://www.securityfocus.com/bid/59320 https://access.redhat.com/security/cve/cve-2013-2024 https://exchange.xforce.ibmcloud.com/vulnerabilities/85064 https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html https://security-tracker.debian.org/tracker/CVE-2013-2024 https://security.gentoo.org/glsa/201612-54 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2015-4556
https://notcve.org/view.php?id=CVE-2015-4556
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). El procedimiento string-translate* en la unidad de estructuras de datos CHICKEN en versiones anteriores a 4.10.0 permite a atacantes remotos provocar una denegación de servicio (caída). • http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html http://seclists.org/oss-sec/2015/q2/712 http://www.securityfocus.com/bid/97293 https://bugzilla.redhat.com/show_bug.cgi?id=1231871 https://security.gentoo.org/glsa/201612-54 • CWE-20: Improper Input Validation •
CVE-2013-1874
https://notcve.org/view.php?id=CVE-2013-1874
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en csi en Chicken anterior a 4.8.2 permite a usuarios locales ejecutar código arbitrario a través de un .csirc de caballo de troya en el directorio de trabajos actual. • http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blob%3Bf=NEWS%3Bh=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd%3Bhb=c6750af99ada7fa4815ee834e4e705bcfac9c137 http://seclists.org/oss-sec/2013/q1/692 http://www.osvdb.org/91520 http://www.securityfocus.com/bid/58583 https://exchange.xforce.ibmcloud.com/vulnerabilities/85065 •
CVE-2014-3776
https://notcve.org/view.php?id=CVE-2014-3776
Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument. Desbordamiento de buffer en el procedimiento 'read-u8vector!' en la unidad srfi-4 en CHICKEN Stable 4.8.0.7 y Development Snapshots anterior a 4.9.1 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) y posiblemente ejecutar código arbitrario a través de un valor '#f' en el argumento NUM. • http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commit%3Bh=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html http://lists.gnu.org/archive/html/chicken-hackers/2014-05/msg00032.html http://seclists.org/oss-sec/2014/q2/328 http://seclists.org/oss-sec/2014/q2/334 http://www.securityfocus.com/bid/67468 https://bugs.call-cc.org/ticket/1124 https://security.gentoo.org/glsa/201612-54 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4385
https://notcve.org/view.php?id=CVE-2013-4385
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument. Desbordamiento de búfer en el procedimiento "read-string!" en la unidad "extras" en el establo CHICKEN en versiones anteriores a 4.8.0.5 e instantaneas de desarrollo en versiones anteriores a 4.8.3 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) y posiblemente ejecutar un código arbitrario a través de un valor "#f" en el argumento NUM. • http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00001.html http://secunia.com/advisories/55009 http://www.securityfocus.com/bid/62690 https://security.gentoo.org/glsa/201612-54 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •