CVE-2016-6830
CVE-2016-6830 is a vulnerability of currently unknown severity. The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. EPSS estimates a 2.15% chance of exploitation in the next 30 days.
Description
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
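The bug class described above, as an added C example that is not CHICKEN's source code: an execve()-style pointer vector filled from a caller-supplied list with no bound check, next to a version sized from the list length. ARG_SLOTS and all function names are hypothetical, and the input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ARG_SLOTS 4 /* hypothetical size of the fixed table */

/* Vulnerable pattern: no bound check against ARG_SLOTS, so a list of
 * ARG_SLOTS or more entries writes past the end of the table. */
void fill_fixed_unchecked(char **table, char *const items[], size_t n)
{
    for (size_t i = 0; i < n; i++)
        table[i] = items[i];
    table[n] = NULL; /* terminator is out of bounds once n == ARG_SLOTS */
}

/* Hardened pattern: size the vector from the list length, reject
 * counts whose byte size would overflow, and fail closed when the
 * allocation fails. The caller frees the result. */
char **build_exec_vector(char *const items[], size_t n)
{
    if (n >= SIZE_MAX / sizeof(char *))
        return NULL;
    char **vec = calloc(n + 1, sizeof(char *));
    if (vec == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        vec[i] = items[i];
    vec[n] = NULL; /* execve() requires a NULL-terminated vector */
    return vec;
}

/* Counts entries up to the NULL terminator. */
size_t vector_len(char **vec)
{
    size_t n = 0;
    while (vec[n] != NULL)
        n++;
    return n;
}

int main(void)
{
    char *args[] = {"prog", "a", "b", "c", "d", "e"}; /* constructed input */
    char **vec = build_exec_vector(args, 6); /* more entries than ARG_SLOTS */
    if (vec == NULL)
        return 1;
    printf("%zu entries, NULL-terminated\n", vector_len(vec));
    free(vec);
    return 0;
}
```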
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Call-Cc | Chicken | <= 4.11.0 |
References
- http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/92550 (Third Party Advisory, VDB Entry)
Source: NVD / NIST
