Main Vulnerability Database Vulnerabilities #VU35125

#VU35125 Input validation error in Chicken Scheme - CVE-2012-6123

Published: October 31, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35125

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-6123

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Chicken Scheme

Software vendor:
call-cc.org

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."

Install update from vendor's website.