CVE-2017-9334

HIGH

CHICKEN Scheme < 4.12.0 - Denial of Service via Improper List Length Check

Title source: llm
STIX 2.1

Description

An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html
Patch, Third Party Advisory x_refsource_confirm
http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html

Scores

CVSS v3 7.5
EPSS 0.0154
EPSS Percentile 71.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
call-cc/chicken < 4.12.0
Published Jun 01, 2017
Tracked Since Feb 18, 2026