CVE-2017-11343

HIGH

CHICKEN Scheme <4.12.0 - Info Disclosure

Title source: llm

Description

Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.

References (1)

[Vendor Advisory] http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html

Scores

CVSS v3 7.5

EPSS 0.0035

EPSS Percentile 57.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-407

Status published

Products (1)

call-cc/chicken < 4.12.0

Published Jul 17, 2017

Tracked Since Feb 18, 2026