CVE-2017-11343
7.5
HIGH
CVSS 3.1
EPSS 0.35%
Description
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.
How to fix CVE-2017-11343
To remediate CVE-2017-11343, upgrade the affected package to a fixed version below.
- Debian/chicken—upgrade to 4.12.0-0.2 or later
Is CVE-2017-11343 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.12.0-0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |