Vulnerability CVE-2017-11343

Vulnerability Name:

CVE-2017-11343 (CCN-129041)

Assigned:

2017-07-16

Published:

2017-07-16

Updated:

2017-07-26

Summary:

Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-407

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2017-11343

Source: CCN
Type: Chicken Mailing List, Sun, 16 Jul 2017 20:32:03 +0200
Vulnerability to algorithmic complexity at

Source: CONFIRM
Type: Vendor Advisory
http://lists.gnu.org/archive/html/chicken-announce/2017-07/msg00000.html

Source: CCN
Type: CHICKEN Web site
[PATCH 2/2] Initialize symbol table after setting up randomization

Source: XF
Type: UNKNOWN
chicken-cve201711343-dos(129041)

Vulnerable Configuration:

Configuration 1:

cpe:/a:call-cc:chicken:*:*:*:*:*:*:*:* (Version <= 4.12.0)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.xenial:def:2017113430000000	V	CVE-2017-11343 on Ubuntu 16.04 LTS (xenial) - low.	2017-07-17
oval:com.ubuntu.artful:def:201711343000	V	CVE-2017-11343 on Ubuntu 17.10 (artful) - low.	2017-07-17
oval:com.ubuntu.xenial:def:201711343000	V	CVE-2017-11343 on Ubuntu 16.04 LTS (xenial) - low.	2017-07-17
oval:com.ubuntu.disco:def:2017113430000000	V	CVE-2017-11343 on Ubuntu 19.04 (disco) - low.	2017-07-17
oval:com.ubuntu.bionic:def:201711343000	V	CVE-2017-11343 on Ubuntu 18.04 LTS (bionic) - low.	2017-07-17
oval:com.ubuntu.cosmic:def:2017113430000000	V	CVE-2017-11343 on Ubuntu 18.10 (cosmic) - low.	2017-07-17
oval:com.ubuntu.cosmic:def:201711343000	V	CVE-2017-11343 on Ubuntu 18.10 (cosmic) - low.	2017-07-17
oval:com.ubuntu.bionic:def:2017113430000000	V	CVE-2017-11343 on Ubuntu 18.04 LTS (bionic) - low.	2017-07-17
oval:com.ubuntu.trusty:def:201711343000	V	CVE-2017-11343 on Ubuntu 14.04 LTS (trusty) - low.	2017-07-17

BACK