Description
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html
Scores
CVSS v3
7.5
EPSS
0.0093
EPSS Percentile
55.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-407
Status
published
Products (1)
call-cc/chicken
< 4.12.0
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026