CVE-2016-6831
https://notcve.org/view.php?id=CVE-2016-6831
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
• http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
• http://www.securityfocus.com/bid/92550
• CWE-400: Uncontrolled Resource Consumption
CVE-2016-6830
https://notcve.org/view.php?id=CVE-2016-6830
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in their execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
• http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
• http://www.securityfocus.com/bid/92550
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2024
https://notcve.org/view.php?id=CVE-2013-2024
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
• http://www.openwall.com/lists/oss-security/2013/04/29/13
• http://www.securityfocus.com/bid/59320
• https://access.redhat.com/security/cve/cve-2013-2024
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85064
• https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html
• https://security-tracker.debian.org/tracker/CVE-2013-2024
• https://security.gentoo.org/glsa/201612-54
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-4556
https://notcve.org/view.php?id=CVE-2015-4556
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
• http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html
• http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html
• http://seclists.org/oss-sec/2015/q2/712
• http://www.securityfocus.com/bid/97293
• https://bugzilla.redhat.com/show_bug.cgi?id=1231871
• https://security.gentoo.org/glsa/201612-54
• CWE-20: Improper Input Validation
CVE-2014-9651
https://notcve.org/view.php?id=CVE-2014-9651
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci]" procedures.
• http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html
• http://lists.nongnu.org/archive/html/chicken-users/2015-01/msg00048.html
• http://www.securityfocus.com/bid/72011
• https://security.gentoo.org/glsa/201612-54
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer