Описание
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 4.12.0-0.1 |
| cosmic | not-affected | 4.12.0-0.1 |
| devel | not-affected | 4.12.0-0.1 |
| disco | not-affected | 4.12.0-0.1 |
| eoan | not-affected | 4.12.0-0.1 |
| esm-apps/bionic | not-affected | 4.12.0-0.1 |
| esm-apps/focal | not-affected | 4.12.0-0.1 |
| esm-apps/jammy | not-affected | 4.12.0-0.1 |
| esm-apps/noble | not-affected | 4.12.0-0.1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme ...
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3