16 results (0.002 seconds)

CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0

Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. Un desbordamiento de búfer en CHICKEN versiones 4.9.0 y 4.9.0.1, puede permitir a atacantes remotos ejecutar código arbitrario por medio de la función "select". • http://www.openwall.com/lists/oss-security/2014/09/11/6 http://www.securityfocus.com/bid/69727 https://lists.nongnu.org/archive/html/chicken-users/2014-08/msg00055.html https://security-tracker.debian.org/tracker/CVE-2014-6310 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. Chicken versiones anteriores a 4.8.0, es susceptible a ataques de complejidad algorítmica relacionados con colisiones de tablas hash. • http://www.openwall.com/lists/oss-security/2013/02/08/2 https://access.redhat.com/security/cve/cve-2012-6125 https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html https://security-tracker.debian.org/tracker/CVE-2012-6125 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." Un error de conversión en Chicken versiones anteriores a 4.8.0, en la plataforma de 64 bits causó que el generador de números aleatorios devolviera un valor constante. NOTA: el proveedor declara "This function wasn't used for security purposes (and is advertised as being unsuitable)." • http://www.openwall.com/lists/oss-security/2013/02/08/2 https://access.redhat.com/security/cve/cve-2012-6124 https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html https://security-tracker.debian.org/tracker/CVE-2012-6124 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." Chicken versiones anteriores a 4.8.0, no maneja apropiadamente los bytes NUL en determinadas cadenas, lo que permite a un atacante conducir un "poisoned NUL byte attack." • http://www.openwall.com/lists/oss-security/2013/02/08/2 https://access.redhat.com/security/cve/cve-2012-6123 https://security-tracker.debian.org/tracker/CVE-2012-6123 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. Un desbordamiento de búfer en el programador de subprocesos (hilos) en Chicken versiones anteriores a 4.8.0.1, permite a atacantes causar una denegación de servicio (bloqueo) mediante la apertura de un descriptor de archivo con un valor entero grande. • http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html http://www.openwall.com/lists/oss-security/2013/02/08/2 http://www.openwall.com/lists/oss-security/2013/05/08/3 http://www.openwall.com/lists/oss-security/2013/05/09/1 https://access.redhat.com/security/cve/cve-2012-6122 https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html https://security-tra • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •