参照: Official ubuntu advisory, NVD, CVE.org · CVE 詳細
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-6830 medium priority: Ubuntu including 1 source packages (chicken), 23 status rows across 23 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, xenial, yakkety, zesty): not-affected 16, ignored 3, needed 2, DNE 1, released 1.
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).