{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","type":"deb","namespace":"debian","name":"chicken","version":"5.3.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.3.0-2","latest_non_vulnerable_version":"5.3.0-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202572?format=json","vulnerability_id":"VCID-1mjm-3q8j-gyfy","summary":"Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct \"poisoned NUL byte attack.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6123","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.6267","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62772","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6123"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410","reference_id":"702410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27147?format=json","purl":"pkg:deb/debian/chicken@4.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2012-6123"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mjm-3q8j-gyfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211411?format=json","vulnerability_id":"VCID-1pcw-hnzx-pkd8","summary":"Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-ready, and (3) file-select procedures in Chicken through 4.8.0.3 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value. NOTE: this issue exists because of an incomplete fix for CVE-2012-6122.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2075","reference_id":"","reference_type":"","scores":[{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.72369","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00695","scoring_system":"epss","scoring_elements":"0.7245","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2075"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27151?format=json","purl":"pkg:deb/debian/chicken@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2075"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pcw-hnzx-pkd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185179?format=json","vulnerability_id":"VCID-1tkn-qp52-wqee","summary":"Multiple vulnerabilities have been found in Chicken, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2024","reference_id":"","reference_type":"","scores":[{"value":"0.02963","scoring_system":"epss","scoring_elements":"0.86791","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02963","scoring_system":"epss","scoring_elements":"0.86839","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2024"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706525","reference_id":"706525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706525"},{"reference_url":"https://security.gentoo.org/glsa/201612-54","reference_id":"GLSA-201612-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27142?format=json","purl":"pkg:deb/debian/chicken@4.8.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.8.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2013-2024"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tkn-qp52-wqee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204516?format=json","vulnerability_id":"VCID-6gsw-gc4v-kfgr","summary":"The \"process-execute\" and \"process-spawn\" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6831","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64104","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.64207","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6831"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834845","reference_id":"834845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834845"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27160?format=json","purl":"pkg:deb/debian/chicken@4.12.0-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.12.0-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6831"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gsw-gc4v-kfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205237?format=json","vulnerability_id":"VCID-8pu5-kyqa-zfd4","summary":"An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6949","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44824","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44974","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6949"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858057","reference_id":"858057","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858057"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27160?format=json","purl":"pkg:deb/debian/chicken@4.12.0-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.12.0-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2017-6949"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8pu5-kyqa-zfd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202573?format=json","vulnerability_id":"VCID-bab6-dy1q-7uev","summary":"A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states \"This function wasn't used for security purposes (and is advertised as being unsuitable).\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6124","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62341","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62442","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6124"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410","reference_id":"702410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27147?format=json","purl":"pkg:deb/debian/chicken@4.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2012-6124"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bab6-dy1q-7uev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204108?format=json","vulnerability_id":"VCID-e7ck-7ksj-z3c3","summary":"Directory traversal vulnerability in Spiffy before 5.4.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8235","reference_id":"","reference_type":"","scores":[{"value":"0.03391","scoring_system":"epss","scoring_elements":"0.87675","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03391","scoring_system":"epss","scoring_elements":"0.87718","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8235"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8235","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8235"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27158?format=json","purl":"pkg:deb/debian/chicken@4.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8235"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7ck-7ksj-z3c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202570?format=json","vulnerability_id":"VCID-fwe1-7ugg-1qar","summary":"Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6122","reference_id":"","reference_type":"","scores":[{"value":"0.01803","scoring_system":"epss","scoring_elements":"0.83207","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01803","scoring_system":"epss","scoring_elements":"0.83268","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6122"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410","reference_id":"702410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27142?format=json","purl":"pkg:deb/debian/chicken@4.8.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.8.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2012-6122"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fwe1-7ugg-1qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204749?format=json","vulnerability_id":"VCID-h5qu-27zb-kubf","summary":"Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11343","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57924","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.58037","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870266","reference_id":"870266","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870266"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27160?format=json","purl":"pkg:deb/debian/chicken@4.12.0-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.12.0-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2017-11343"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h5qu-27zb-kubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185183?format=json","vulnerability_id":"VCID-mdp1-9eb8-abhz","summary":"Multiple vulnerabilities have been found in Chicken, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4556","reference_id":"","reference_type":"","scores":[{"value":"0.01646","scoring_system":"epss","scoring_elements":"0.82385","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01646","scoring_system":"epss","scoring_elements":"0.82447","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4556"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788833","reference_id":"788833","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788833"},{"reference_url":"https://security.gentoo.org/glsa/201612-54","reference_id":"GLSA-201612-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27158?format=json","purl":"pkg:deb/debian/chicken@4.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2015-4556"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdp1-9eb8-abhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204515?format=json","vulnerability_id":"VCID-pm5g-8tw3-fua4","summary":"The \"process-execute\" and \"process-spawn\" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trigger a buffer overrun. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6830","reference_id":"","reference_type":"","scores":[{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.6831","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68398","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6830"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834845","reference_id":"834845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834845"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27160?format=json","purl":"pkg:deb/debian/chicken@4.12.0-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.12.0-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6830"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pm5g-8tw3-fua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204652?format=json","vulnerability_id":"VCID-rhrc-jz9d-k3dr","summary":"The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9954","reference_id":"","reference_type":"","scores":[{"value":"0.02616","scoring_system":"epss","scoring_elements":"0.85985","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02616","scoring_system":"epss","scoring_elements":"0.86034","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9954"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851278","reference_id":"851278","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27160?format=json","purl":"pkg:deb/debian/chicken@4.12.0-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.12.0-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2016-9954"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhrc-jz9d-k3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202574?format=json","vulnerability_id":"VCID-ubyx-t6hh-43c5","summary":"Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6125","reference_id":"","reference_type":"","scores":[{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70889","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70979","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6125"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410","reference_id":"702410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27147?format=json","purl":"pkg:deb/debian/chicken@4.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2012-6125"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubyx-t6hh-43c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185181?format=json","vulnerability_id":"VCID-ukz5-zytb-w3fy","summary":"Multiple vulnerabilities have been found in Chicken, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3776","reference_id":"","reference_type":"","scores":[{"value":"0.03058","scoring_system":"epss","scoring_elements":"0.87003","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03058","scoring_system":"epss","scoring_elements":"0.87048","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3776"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748904","reference_id":"748904","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748904"},{"reference_url":"https://security.gentoo.org/glsa/201612-54","reference_id":"GLSA-201612-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27154?format=json","purl":"pkg:deb/debian/chicken@4.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-3776"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukz5-zytb-w3fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185180?format=json","vulnerability_id":"VCID-ut16-69u4-f3er","summary":"Multiple vulnerabilities have been found in Chicken, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4385","reference_id":"","reference_type":"","scores":[{"value":"0.02706","scoring_system":"epss","scoring_elements":"0.86223","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02706","scoring_system":"epss","scoring_elements":"0.86273","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4385"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724740","reference_id":"724740","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724740"},{"reference_url":"https://security.gentoo.org/glsa/201612-54","reference_id":"GLSA-201612-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27152?format=json","purl":"pkg:deb/debian/chicken@4.8.0.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.8.0.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2013-4385"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ut16-69u4-f3er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202754?format=json","vulnerability_id":"VCID-v93r-udz9-r7eu","summary":"Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1874","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25092","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.2529","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1874"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410","reference_id":"702410","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702410"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27142?format=json","purl":"pkg:deb/debian/chicken@4.8.0.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.8.0.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2013-1874"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v93r-udz9-r7eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166060?format=json","vulnerability_id":"VCID-wvt1-nbmz-eqc8","summary":"egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45145","reference_id":"","reference_type":"","scores":[{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62514","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62615","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45145"},{"reference_url":"https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:54:47Z/"}],"url":"https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27151?format=json","purl":"pkg:deb/debian/chicken@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2022-45145"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wvt1-nbmz-eqc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211413?format=json","vulnerability_id":"VCID-y5ng-1p3e-jqfm","summary":"Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6310","reference_id":"","reference_type":"","scores":[{"value":"0.16928","scoring_system":"epss","scoring_elements":"0.95115","published_at":"2026-06-11T12:55:00Z"},{"value":"0.16928","scoring_system":"epss","scoring_elements":"0.95131","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6310"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27151?format=json","purl":"pkg:deb/debian/chicken@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-6310"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5ng-1p3e-jqfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205506?format=json","vulnerability_id":"VCID-yxpk-st78-k3ha","summary":"An incorrect \"pair?\" check in the Scheme \"length\" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls \"length\" on it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9334","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63198","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.633","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9334"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863884","reference_id":"863884","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863884"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27160?format=json","purl":"pkg:deb/debian/chicken@4.12.0-0.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.12.0-0.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2017-9334"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxpk-st78-k3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185182?format=json","vulnerability_id":"VCID-yy7n-3mvt-mqdn","summary":"Multiple vulnerabilities have been found in Chicken, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9651","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63156","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63258","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775346","reference_id":"775346","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775346"},{"reference_url":"https://security.gentoo.org/glsa/201612-54","reference_id":"GLSA-201612-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27158?format=json","purl":"pkg:deb/debian/chicken@4.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@4.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27143?format=json","purl":"pkg:deb/debian/chicken@5.2.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.2.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27141?format=json","purl":"pkg:deb/debian/chicken@5.3.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/27144?format=json","purl":"pkg:deb/debian/chicken@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-2%3Fdistro=trixie"}],"aliases":["CVE-2014-9651"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy7n-3mvt-mqdn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/chicken@5.3.0-1%3Fdistro=trixie"}