CVE-2012-6122

Description

Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.

References

Link	Tags
https://security-tracker.debian.org/tracker/CVE-2012-6122	third party advisory
https://access.redhat.com/security/cve/cve-2012-6122	broken link
http://www.openwall.com/lists/oss-security/2013/02/08/2	third party advisory mailing list
http://lists.gnu.org/archive/html/chicken-announce/2013-10/msg00000.html	mailing list release notes patch third party advisory
http://www.openwall.com/lists/oss-security/2013/05/08/3	mailing list third party advisory patch
http://www.openwall.com/lists/oss-security/2013/05/09/1	mailing list third party advisory patch
https://lists.nongnu.org/archive/html/chicken-users/2012-06/msg00031.html	third party advisory mailing list
https://lists.nongnu.org/archive/html/chicken-hackers/2012-11/msg00075.html	mailing list third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2012-6122?: CVE-2012-6122 has been scored as a high severity vulnerability.
How to fix CVE-2012-6122?: To fix CVE-2012-6122, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2012-6122 being actively exploited in the wild?: It is possible that CVE-2012-6122 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2012-6122?: CVE-2012-6122 affects chicken chicken.

Description

Category

CWE-120 – Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

Frequently Asked Questions