CVE-2016-6831

Name	CVE-2016-6831
Description	The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References	DLA-643-1
NVD severity	medium
Debian Bugs	834845

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
chicken (PTS)	stretch	4.11.0-1	vulnerable
	buster	4.13.0-1	fixed
	bookworm, sid, bullseye	5.2.0-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
chicken	source	wheezy	4.7.0-1+deb7u1		DLA-643-1
chicken	source	(unstable)	4.12.0-0.2			834845

Notes

[stretch] - chicken <no-dsa> (Minor issue)
[jessie] - chicken <no-dsa> (Minor issue)
Fixed in the same upstream patch which is provided for CVE-2016-6830