CVE-2016-6830

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-01-10 15:59

Updated : 2024-02-04 19:11


NVD link : CVE-2016-6830

Mitre link : CVE-2016-6830

CVE.ORG link : CVE-2016-6830


JSON object : View

Products Affected

call-cc

  • chicken
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer