Main Vulnerability Database Vulnerabilities #VU33507

Input validation error - CVE-2017-9334

Published: June 1, 2017 / Updated: August 4, 2020

Vulnerability identifier: #VU33507

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-9334

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.

How to mitigate CVE-2017-9334

Install update from vendor's website.

Sources

http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html
http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html

Input validation error - CVE-2017-9334

Detailed vulnerability description

How to mitigate CVE-2017-9334

Sources

Please verify you're human