Product:

Chicken

(Call\-Cc)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2014-05-20 CVE-2014-3776 Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument. Chicken N/A
2014-09-29 CVE-2013-1874 Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. Chicken N/A
2019-10-31 CVE-2013-2075 Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122. Chicken 8.8
2022-12-10 CVE-2022-45145 egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. Chicken 9.8
2019-10-31 CVE-2013-2024 OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. Chicken, Debian_linux N/A
2017-06-01 CVE-2017-9334 An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. Chicken N/A
2019-11-22 CVE-2014-6310 Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. Chicken, Debian_linux N/A
2019-10-31 CVE-2012-6123 Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." Chicken, Debian_linux N/A
2019-10-31 CVE-2012-6124 A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." Chicken N/A
2019-10-31 CVE-2012-6125 Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. Chicken N/A