CVE-2017-6949

NameCVE-2017-6949
DescriptionAn issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs858057

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chicken (PTS)wheezy4.7.0-1vulnerable
wheezy (security)4.7.0-1+deb7u1vulnerable
jessie4.9.0.1-1vulnerable
stretch, sid4.11.0-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chickensource(unstable)(unfixed)medium858057

Notes

[jessie] - chicken <no-dsa> (Minor issue)
http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html

Search for package or bug name: Reporting problems