CVE-2022-45145

CVSS V2 None CVSS V3 None

Description

egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.

Overview

CVE ID
CVE-2022-45145

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2022-12-10T16:15:09

Last Modified Date
2022-12-13T14:46:45

Weakness Enumerations

CWE	URL
CWE-78	http://cwe.mitre.org/data/definitions/78.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:call-cc:chicken::::::::	1	OR	5.0.0	5.3.1

References

Reference URL	Reference Tags
https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blobdiff;f=NEWS;h=54888afff09353093453673c407cabfe76a5ce77;hp=a3fd88a892f82c8353267f50509d018bbb1934b9;hb=670478435a982fc4d1f001ea08669f53d35a51cd;hpb=a08f8f548d772ef410c672ba33a27108d8d434f
https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blobdiff;f=egg-compile.scm;h=9ba4568113350ec75204cba55e43e27925e2d6fe;hp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f;hb=a08f8f548d772ef410c672ba33a27108d8d434f3;hpb=9c6fb001c25de4390f46ffd7c3c9
https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-45145
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45145

History

Created	Old Value	New Value	Data Type	Notes
2022-12-10 17:14:14				Added to TrackCVE
2022-12-11 05:15:24	2022-12-10T16:15:09.480	2022-12-10T16:15:09	CVE Published Date	updated
2022-12-11 05:15:24		2022-12-11T04:35:14	CVE Modified Date	updated
2022-12-11 05:15:24	Received	Awaiting Analysis	Vulnerability Status	updated
2022-12-12 01:14:48	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-12 12:24:23	Undergoing Analysis	Awaiting Analysis	Vulnerability Status	updated
2022-12-12 14:15:43	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-13 15:14:52		2022-12-13T14:46:45	CVE Modified Date	updated
2022-12-13 15:14:52	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-13 15:14:52		CWE-78	Weakness Enumeration	new
2022-12-13 15:14:54			CPE Information	updated