N/A

The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).

N/A

N/A

CHICKEN 缓冲区错误漏洞

CHICKEN是一款基于Scheme语言的编译器和解释器，它能够将Scheme代码编译成标准C代码，且支持扩展。 CHICKEN 4.11及之前的版本中的CHICKEN Scheme的‘process-execute’和‘process-spawn’程序存在安全漏洞。攻击者可利用该漏洞执行任意代码。

N/A

N/A