Main Vulnerability Database SB2017061526

SB2017061526 - Input validation error in chicken (Alpine package)

Published: June 15, 2017

Security Bulletin ID SB2017061526

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2017-9334)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=97eb361775b8195637747dcc0653b7b8c066c039
https://git.alpinelinux.org/aports/commit/?id=73556d997143937fe09a607debe5c16f29c989d7
https://git.alpinelinux.org/aports/commit/?id=2b37087c38da0bca5f8f8e7b6595be427e426f6b