14 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. Chicken versiones anteriores a 4.8.0, es susceptible a ataques de complejidad algorítmica relacionados con colisiones de tablas hash. • http://www.openwall.com/lists/oss-security/2013/02/08/2 https://access.redhat.com/security/cve/cve-2012-6125 https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00002.html https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html https://security-tracker.debian.org/tracker/CVE-2012-6125 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." Un error de conversión en Chicken versiones anteriores a 4.8.0, en la plataforma de 64 bits causó que el generador de números aleatorios devolviera un valor constante. NOTA: el proveedor declara "This function wasn't used for security purposes (and is advertised as being unsuitable)." • http://www.openwall.com/lists/oss-security/2013/02/08/2 https://access.redhat.com/security/cve/cve-2012-6124 https://lists.nongnu.org/archive/html/chicken-hackers/2012-02/msg00084.html https://security-tracker.debian.org/tracker/CVE-2012-6124 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." Chicken versiones anteriores a 4.8.0, no maneja apropiadamente los bytes NUL en determinadas cadenas, lo que permite a un atacante conducir un "poisoned NUL byte attack." • http://www.openwall.com/lists/oss-security/2013/02/08/2 https://access.redhat.com/security/cve/cve-2012-6123 https://security-tracker.debian.org/tracker/CVE-2012-6123 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. Un desbordamiento de búfer en el programador de subprocesos (hilos) en Chicken versiones anteriores a 4.8.0.1, permite a atacantes causar una denegación de servicio (bloqueo) mediante la apertura de un descriptor de archivo con un valor entero grande. • http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html http://www.openwall.com/lists/oss-security/2013/02/08/2 http://www.openwall.com/lists/oss-security/2013/05/08/3 http://www.openwall.com/lists/oss-security/2013/05/09/1 https://access.redhat.com/security/cve/cve-2012-6122 https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html https://security-tra • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0

Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. Múltiples desbordamientos del búfer en los procedimientos (1) R5RS char-ready, (2) tcp-accept-ready y (3) file-select en Chicken versiones hasta 4.8.0.3, permiten a atacantes causar una denegación de servicio (bloqueo) mediante la apertura de un descriptor de archivo con un valor entero grande. NOTA: este problema se presenta debido a una solución incompleta para CVE-2012-6122. • http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=556108092774086b6c86c2e27daf3f740ffec091 http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=766056cd5f26b1d529405705449cb534609c113f http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=commitdiff%3Bh=9e2022652258e8a30e5cedbf0abc9cd85a0f6af7 http://www.openwall.com/lists/oss-security/2013/05/11/3 http://www.securityfocus.com/bid/59758 https://exchange.xforce.ibmcloud.com/vulnerabilities/84188 http • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •