CVE-2017-11343
Published: 17 July 2017
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.
Priority
Status
Package | Release | Status |
---|---|---|
chicken Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(4.12.0-0.3)
|
|
impish |
Not vulnerable
(4.12.0-0.3)
|
|
hirsute |
Not vulnerable
(4.12.0-0.3)
|
|
kinetic |
Not vulnerable
(4.12.0-0.3)
|
|
lunar |
Not vulnerable
(4.12.0-0.3)
|
|
cosmic |
Not vulnerable
(4.12.0-0.3)
|
|
disco |
Not vulnerable
(4.12.0-0.3)
|
|
eoan |
Not vulnerable
(4.12.0-0.3)
|
|
focal |
Not vulnerable
(4.12.0-0.3)
|
|
groovy |
Not vulnerable
(4.12.0-0.3)
|
|
jammy |
Not vulnerable
(4.12.0-0.3)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(4.12.0-0.2)
|
|
xenial |
Needed
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
mantic |
Not vulnerable
(4.12.0-0.3)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |