The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
References
Link | Resource |
---|---|
http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/92550 | Third Party Advisory VDB Entry |
http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html | Patch Vendor Advisory |
http://www.securityfocus.com/bid/92550 | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 02:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/92550 - Third Party Advisory, VDB Entry |
Information
Published : 2017-01-10 15:59
Updated : 2024-11-21 02:56
NVD link : CVE-2016-6830
Mitre link : CVE-2016-6830
CVE.ORG link : CVE-2016-6830
JSON object : View
Products Affected
call-cc
- chicken
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer