Candidate: CVE-2017-6949
PublicDate: 2017-03-16 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6949
 http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html
Description:
 An issue was discovered in CHICKEN Scheme through 4.12.0. When using a
 nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in
 unmanaged memory, the vector size would be used in unsanitised form as an
 argument to malloc(). With an unexpected size, the impact may have been a
 segfault or buffer overflow.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_chicken:
upstream_chicken: released (4.12.0-0.2)
precise_chicken: ignored (reached end-of-life)
precise/esm_chicken: DNE (precise was needs-triage)
trusty_chicken: ignored (reached end-of-life)
trusty/esm_chicken: DNE (trusty was needed)
vivid/stable-phone-overlay_chicken: DNE
vivid/ubuntu-core_chicken: DNE
xenial_chicken: ignored (end of standard support, was needed)
yakkety_chicken: ignored (reached end-of-life)
zesty_chicken: ignored (reached end-of-life)
artful_chicken: ignored (reached end-of-life)
bionic_chicken: not-affected (4.12.0-0.3)
cosmic_chicken: not-affected (4.12.0-0.3)
disco_chicken: not-affected (4.12.0-0.3)
eoan_chicken: not-affected (4.12.0-0.3)
focal_chicken: not-affected (4.12.0-0.3)
groovy_chicken: not-affected (4.12.0-0.3)
hirsute_chicken: not-affected (4.12.0-0.3)
impish_chicken: not-affected (4.12.0-0.3)
jammy_chicken: not-affected (4.12.0-0.3)
devel_chicken: not-affected (4.12.0-0.3)