Vulnerability Description
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Call-Cc | Chicken | >= 5.0.0, < 5.3.1 |
Related Weaknesses (CWE)
References
- https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=
- https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=
- https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html (Mailing List, Patch, Third Party Advisory)
FAQ
What is CVE-2022-45145?
CVE-2022-45145 is a vulnerability with a CVSS score of 9.8 (CRITICAL). egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
How severe is CVE-2022-45145?
CVE-2022-45145 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-45145?
Check the references section above for vendor advisories and patch information. Affected products include: Call-Cc Chicken.