Buffer Overrun Vulnerability in CHICKEN Scheme's process-execute and process-spawn Procedures

CVE-2016-6830 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).

Learn more about our User Device Pen Test.