Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.
References
Link | Resource |
---|---|
http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html | Vendor Advisory |
http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html - Vendor Advisory |
Information
Published : 2017-07-17 13:18
Updated : 2024-11-21 03:07
NVD link : CVE-2017-11343
Mitre link : CVE-2017-11343
CVE.ORG link : CVE-2017-11343
JSON object : View
Products Affected
call-cc
- chicken
CWE
CWE-407
Inefficient Algorithmic Complexity