CVE-2016-6831
7.5
HIGH
CVSS 3.1
EPSS 0.45%
Description
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).
How to fix CVE-2016-6831
To remediate CVE-2016-6831, upgrade the affected package to a fixed version below.
- Upgrade to 4.12.0-0.2 or later
Is CVE-2016-6831 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.12.0-0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |