Lucene search

[email protected]CVE-2017-11343

HistoryJul 17, 2017 - 1:18 p.m.

CVE-2017-11343

2017-07-1713:18:00

CWE-407

[email protected]

web.nvd.nist.gov

cve-2017-11343

chicken scheme

vulnerability

algorithmic complexity attack

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

39.8%

JSON

Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.

CPENameOperatorVersion
call-cc:chickencall-cc chickenle4.12.0

CPE	Name	Operator	Version
call-cc:chicken	call-cc chicken	le	4.12.0

References

lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for CVE-2017-11343

osv1 prion2 ubuntucve2 debiancve2 nessus3 fedora2 openvas2 freebsd1 cve1