VYPR
Vendor

CHICKEN

Products
2
CVEs
14
Across products
14
Status
Private

Products

2

Recent CVEs

14
  • CVE-2022-45145CriDec 10, 2022
    risk 0.64cvss 9.8epss 0.01

    egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.

  • CVE-2014-6310CriNov 22, 2019
    risk 0.64cvss 9.8epss 0.05

    Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.

  • CVE-2012-6125CriOct 31, 2019
    risk 0.64cvss 9.8epss 0.02

    Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.

  • CVE-2013-2024HigOct 31, 2019
    risk 0.58cvss 8.8epss 0.05

    OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.

  • CVE-2013-2075HigOct 31, 2019
    risk 0.57cvss 8.8epss 0.02

    Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of…

  • CVE-2012-6122HigOct 31, 2019
    risk 0.49cvss 7.5epss 0.02

    Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.

  • CVE-2015-4556HigMar 29, 2017
    risk 0.49cvss 7.5epss 0.02

    The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).

  • CVE-2016-6831HigJan 10, 2017
    risk 0.49cvss 7.5epss 0.02

    The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and…

  • CVE-2012-6123MedOct 31, 2019
    risk 0.42cvss 6.5epss 0.01

    Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."

  • CVE-2012-6124MedOct 31, 2019
    risk 0.35cvss 5.3epss 0.01

    A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)."

  • CVE-2014-9651Aug 28, 2015
    risk 0.00cvss epss 0.01

    Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

  • CVE-2013-1874Sep 29, 2014
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

  • CVE-2014-3776May 20, 2014
    risk 0.00cvss epss 0.04

    Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f"…

  • CVE-2013-4385Oct 9, 2013
    risk 0.00cvss epss 0.03

    Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a…