Note: This project will be discontinued after December 13, 2021.
Product: Chicken (Call-Cc)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 18 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-05-20 | CVE-2014-3776 | Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument. | Chicken | N/A | ||
2014-09-29 | CVE-2013-1874 | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. | Chicken | N/A | ||
2019-10-31 | CVE-2013-2075 | Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allow attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. | Chicken | 8.8 | ||
2022-12-10 | CVE-2022-45145 | egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. | Chicken | 9.8 | ||
2019-10-31 | CVE-2013-2024 | OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. | Chicken, Debian_linux | N/A | ||
2017-06-01 | CVE-2017-9334 | An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. | Chicken | N/A | ||
2019-11-22 | CVE-2014-6310 | Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | Chicken, Debian_linux | N/A | ||
2019-10-31 | CVE-2012-6123 | Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte attack." | Chicken, Debian_linux | N/A | ||
2019-10-31 | CVE-2012-6124 | A casting error in Chicken before 4.8.0 on 64-bit platforms caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." | Chicken | N/A | ||
2019-10-31 | CVE-2012-6125 | Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | Chicken | N/A |