CVE-2022-45145
Severity CVSS v4.0: Pending analysis
Type: CWE-78 OS Command Injections
Publication date: 10/12/2022
Last modified: 23/04/2025
Description
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
Impact
Base Score 3.x: 9.80
Severity 3.x: CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:* | 5.0.0 (including) | 5.3.1 (excluding) |
References to Advisories, Solutions, and Tools
- https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba%3Dblobdiff%3Bf%3DNEWS%3Bh%3D54888afff09353093453673c407cabfe76a5ce77%3Bhp%3Da3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb%3D670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb%3Da08f8f548d772ef410c672ba33a27108d8d434f3
- https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba%3Dblobdiff%3Bf%3Degg-compile.scm%3Bh%3D9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp%3Dc1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb%3Da08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb%3D9c6fb001c25de4390f46ffd7c3c94237f4df92a9
- https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html



