VYPR

CHICKEN Scheme

by CHICKEN Scheme

CVEs (2)

  • CVE-2016-6830CriJan 10, 2017
    risk 0.64cvss 9.8epss 0.02

    The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This…

  • CVE-2017-11343HigJul 17, 2017
    risk 0.49cvss 7.5epss 0.01

    Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.