Vulnerabilities > Call CC > High

DATE CVE VULNERABILITY TITLE RISK
2019-11-22 CVE-2014-6310 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
network
low complexity
call-cc debian CWE-120
7.5
2019-10-31 CVE-2013-2075 Classic Buffer Overflow vulnerability in Call-Cc Chicken
Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.
network
low complexity
call-cc CWE-120
8.8
2019-10-31 CVE-2012-6125 Improper Input Validation vulnerability in Call-Cc Chicken
Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.
network
low complexity
call-cc CWE-20
7.5
2017-06-07 CVE-2015-8235 Path Traversal vulnerability in Call-Cc Spiffy
Directory traversal vulnerability in Spiffy before 5.4.
network
low complexity
call-cc CWE-22
7.5
2017-01-10 CVE-2016-6830 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Call-Cc Chicken
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call.
network
low complexity
call-cc CWE-119
7.5
2015-08-28 CVE-2014-9651 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Call-Cc Chicken 4.10.0/4.9.0/4.9.0.1
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."
network
low complexity
call-cc CWE-119
7.5
2013-10-09 CVE-2013-4385 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Call-Cc Chicken
Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.
network
low complexity
call-cc CWE-119
7.5