CVE-2022-45145 - OpenCVE

egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Call-cc	Chicken

Configuration 1 [-]

cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3
https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9
https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-10T00:00:00

Updated: 2024-08-03T14:09:56.191Z

Reserved: 2022-11-11T00:00:00

Link: CVE-2022-45145

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-10T16:15:09.480

Modified: 2023-11-07T03:54:37.230

Link: CVE-2022-45145

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45145", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T14:09:56.191Z", "dateReserved": "2022-11-11T00:00:00", "datePublished": "2022-12-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html"}, {"url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9"}, {"url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:56.191Z"}, "title": "CVE Program Container", "references": [{"url": "https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html", "tags": ["x_transferred"]}, {"url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9", "tags": ["x_transferred"]}, {"url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:call-cc:chicken:*:*:*:*:*:*:*:*", "matchCriteriaId": "430CF03D-4979-43DA-9702-56F03889B80E", "versionEndExcluding": "5.3.1", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file."}, {"lang": "es", "value": "egg-compile.scm en CHICKEN 5.x anterior a 5.3.1 permite la ejecuci\u00f3n arbitraria de comandos del Sistema Operativo durante la instalaci\u00f3n del paquete mediante caracteres de escape en un archivo .egg."}], "id": "CVE-2022-45145", "lastModified": "2023-11-07T03:54:37.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-10T16:15:09.480", "references": [{"source": "cve@mitre.org", "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=NEWS%3Bh=54888afff09353093453673c407cabfe76a5ce77%3Bhp=a3fd88a892f82c8353267f50509d018bbb1934b9%3Bhb=670478435a982fc4d1f001ea08669f53d35a51cd%3Bhpb=a08f8f548d772ef410c672ba33a27108d8d434f3"}, {"source": "cve@mitre.org", "url": "https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git%3Ba=blobdiff%3Bf=egg-compile.scm%3Bh=9ba4568113350ec75204cba55e43e27925e2d6fe%3Bhp=c1f2ceb0fb470f63c2ba2a1cf9d8d40083c2359f%3Bhb=a08f8f548d772ef410c672ba33a27108d8d434f3%3Bhpb=9c6fb001c25de4390f46ffd7c3c94237f4df92a9"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}