CHICKEN
Products
2- 14 CVEs
- 0 CVEs
Recent CVEs
14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45145 | Cri | 0.64 | 9.8 | 0.01 | Dec 10, 2022 | egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. | ||
| CVE-2014-6310 | Cri | 0.64 | 9.8 | 0.05 | Nov 22, 2019 | Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | ||
| CVE-2012-6125 | Cri | 0.64 | 9.8 | 0.02 | Oct 31, 2019 | Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | ||
| CVE-2013-2024 | Hig | 0.58 | 8.8 | 0.05 | Oct 31, 2019 | OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. | ||
| CVE-2013-2075 | Hig | 0.57 | 8.8 | 0.02 | Oct 31, 2019 | Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of… | ||
| CVE-2012-6122 | Hig | 0.49 | 7.5 | 0.02 | Oct 31, 2019 | Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. | ||
| CVE-2015-4556 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2017 | The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). | ||
| CVE-2016-6831 | Hig | 0.49 | 7.5 | 0.02 | Jan 10, 2017 | The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and… | ||
| CVE-2012-6123 | Med | 0.42 | 6.5 | 0.01 | Oct 31, 2019 | Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." | ||
| CVE-2012-6124 | Med | 0.35 | 5.3 | 0.01 | Oct 31, 2019 | A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." | ||
| CVE-2014-9651 | 0.00 | — | 0.01 | Aug 28, 2015 | Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures." | |||
| CVE-2013-1874 | 0.00 | — | 0.00 | Sep 29, 2014 | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. | |||
| CVE-2014-3776 | 0.00 | — | 0.04 | May 20, 2014 | Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f"… | |||
| CVE-2013-4385 | 0.00 | — | 0.03 | Oct 9, 2013 | Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a… |
- risk 0.64cvss 9.8epss 0.01
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
- risk 0.64cvss 9.8epss 0.05
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
- risk 0.64cvss 9.8epss 0.02
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
- risk 0.58cvss 8.8epss 0.05
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
- risk 0.57cvss 8.8epss 0.02
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of…
- risk 0.49cvss 7.5epss 0.02
Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.
- risk 0.49cvss 7.5epss 0.02
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
- risk 0.49cvss 7.5epss 0.02
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and…
- risk 0.42cvss 6.5epss 0.01
Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."
- risk 0.35cvss 5.3epss 0.01
A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)."
- CVE-2014-9651Aug 28, 2015risk 0.00cvss —epss 0.01
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."
- CVE-2013-1874Sep 29, 2014risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.
- CVE-2014-3776May 20, 2014risk 0.00cvss —epss 0.04
Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f"…
- CVE-2013-4385Oct 9, 2013risk 0.00cvss —epss 0.03
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a…