#VU41275 Input validation error in Chicken Scheme - CVE-2013-1874
Published: September 30, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU41275
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-1874
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Chicken Scheme
Chicken Scheme
Software vendor:
call-cc.org
call-cc.org
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. <a href = http://cwe.mitre.org/data/definitions/426.html> CWE-426: Untrusted Search Path </a>
Remediation
Install update from vendor's website.
External links
- http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=c21c7cf9d1faf4f78736890ac7ca1d4b82d72ddd;hb=c6750af99ada7fa4815ee834e4e705bcfac9c137
- http://seclists.org/oss-sec/2013/q1/692
- http://www.osvdb.org/91520
- http://www.securityfocus.com/bid/58583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85065