Input validation error in Chicken Scheme - CVE-2012-6123

 


Published: October 31, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU35125
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-6123
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: call-cc.org
Affected software:
Chicken Scheme

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct a "poisoned NUL byte" attack.
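
An added illustration of the bug class named above (not Chicken's code and not taken from this advisory): a length-counted string passes a suffix check, yet its NUL-terminated C view ends at the embedded NUL, and a checked conversion rejects such input. It assumes the mismatch is between counted strings and C strings; the `counted_str` type and all function names are hypothetical, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length-counted string as a managed runtime might hold it (hypothetical type). */
typedef struct { const char *data; size_t len; } counted_str;

/* Policy check performed on the full counted string: name must end in ".txt". */
static int has_txt_suffix(counted_str s) {
    return s.len >= 4 && memcmp(s.data + s.len - 4, ".txt", 4) == 0;
}

/* Unchecked conversion: copies every byte and appends a terminator. Any C API
   given the result stops reading at the first embedded NUL. */
static char *to_cstring_unchecked(counted_str s) {
    char *out = malloc(s.len + 1);
    if (!out) return NULL;
    memcpy(out, s.data, s.len);
    out[s.len] = '\0';
    return out;
}

/* Hardened conversion: refuse any string containing a NUL within its length. */
static char *to_cstring_checked(counted_str s) {
    if (memchr(s.data, '\0', s.len) != NULL) return NULL;
    return to_cstring_unchecked(s);
}

/* 1 if the C view is shorter than what the check saw, 0 if equal, -1 on OOM. */
static int view_mismatch(counted_str s) {
    char *c = to_cstring_unchecked(s);
    if (!c) return -1;
    int mismatch = strlen(c) != s.len;
    free(c);
    return mismatch;
}

/* Constructed sample inputs: one with an embedded NUL, one without. */
static const char sample_bytes[] = "report.cfg\0.txt";
static counted_str sample(void) { counted_str s = { sample_bytes, sizeof sample_bytes - 1 }; return s; }
static counted_str benign(void) { counted_str s = { "notes.txt", 9 }; return s; }

int main(void) {
    counted_str s = sample();
    char *checked = to_cstring_checked(s);
    printf("suffix check: %d, view mismatch: %d, checked conversion: %s\n",
           has_txt_suffix(s), view_mismatch(s), checked ? "accepted" : "rejected");
    free(checked);
    return 0;
}
```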


How to mitigate CVE-2012-6123

Install the update from the vendor's website.

Sources