Inefficient Algorithmic Complexity

CVE-2017-11343

High

7.5/10

Summary

Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-407 - Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References

Advisory Timeline

Published Jul 17, 2017

Inefficient Algorithmic Complexity

CVE-2017-11343

Summary

CWE-407 - Inefficient Algorithmic Complexity

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS