Download
| Alert*
CVE-2013-2075
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix fo ... CVE-2013-2024 OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0. CVE-2012-6125 Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. CVE-2012-6122 Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. CVE-2012-6123 Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack." CVE-2017-9334 An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. |