CVE-2012-6125

9.8 CRITICAL

📋 TL;DR

CVE-2012-6125 is a denial-of-service vulnerability in Chicken Scheme implementations before version 4.8.0. Attackers can craft malicious input to cause hash table collisions, leading to excessive CPU consumption and service degradation. This affects any system running vulnerable Chicken Scheme interpreters or applications built with them.

💻 Affected Systems

Products:
  • Chicken Scheme
Versions: All versions before 4.8.0
Operating Systems: All platforms running Chicken Scheme
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using Chicken Scheme's hash table implementation is vulnerable when processing untrusted input.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability through resource exhaustion, potentially affecting dependent applications and services.

🟠 Likely Case: Degraded performance and intermittent service disruptions due to CPU saturation.

🟢 If Mitigated: Minimal impact with proper input validation and resource limits in place.

🌐 Internet-Facing: MEDIUM - Requires attacker to submit crafted input to vulnerable endpoints.
🏢 Internal Only: LOW - Typically requires intentional malicious activity from authenticated users.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code demonstrating hash collision attacks has been publicly discussed in security mailing lists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.8.0 and later

Vendor Advisory: https://lists.nongnu.org/archive/html/chicken-hackers/2012-01/msg00020.html

Restart Required: Yes

Instructions:

1. Download Chicken Scheme 4.8.0 or later from official sources.
2. Compile and install the updated version.
3. Recompile any Chicken applications with the new version.
4. Restart affected services.

🔧 Temporary Workarounds

Input validation and sanitization

Platform: all

Implement strict input validation to reject malformed data before processing by hash tables.

Resource limiting

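Platform: linux

Configure CPU and memory limits for Chicken processes to contain potential DoS impact. The commands below cap CPU time at 300 seconds and virtual memory at 1048576 KiB (1 GiB) for processes started from the current shell.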

ulimit -t 300
ulimit -v 1048576

🧯 If You Can't Patch

  • Isolate vulnerable systems in restricted network segments
  • Implement rate limiting and request throttling for Chicken-based services

🔍 How to Verify

Check if Vulnerable:

Check Chicken version with 'csi -version' or examine installed packages.

Check Version:

csi -version

Verify Fix Applied:

Confirm version is 4.8.0 or higher and test with known hash collision test vectors.
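The version check above can be scripted. The following is an added example, not code from the advisory or the Chicken project; it assumes the `csi -version` banner contains a line beginning with "Version ", and the sample banners in it are constructed.

```shell
#!/bin/sh
# Added example: classify a Chicken install against the 4.8.0 fix threshold.
FIXED="4.8.0"

# Extract the dotted version from `csi -version` output read on stdin.
# Assumption: the banner has a line starting with "Version " and the number.
chicken_version() {
    sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if $1 >= $2, comparing dot-separated numeric fields left to right.
# Missing fields count as 0, so 4.8 equals 4.8.0 and 4.8.0.5 is newer.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Verdict for banner text on stdin: status 0 fixed, 1 vulnerable, 2 unknown.
check_chicken() {
    v=$(chicken_version)
    if [ -z "$v" ]; then echo "unknown: no version line found"; return 2; fi
    if version_ge "$v" "$FIXED"; then
        echo "ok: $v >= $FIXED"
    else
        echo "vulnerable: $v < $FIXED (CVE-2012-6125)"; return 1
    fi
}

# Constructed sample banners (not captured from real hosts).
SAMPLE_OLD='CHICKEN
Version 4.7.0
linux-unix-gnu-x86'
SAMPLE_NEW='CHICKEN
Version 4.8.0.5 (stability/4.8.0)
linux-unix-gnu-x86-64'

for s in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    printf '%s\n' "$s" | check_chicken || true
done
# On a real host: csi -version 2>&1 | check_chicken
```

This only checks the `csi` found on the PATH; applications compiled with an older Chicken still need recompiling as described in the fix instructions.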

📡 Detection & Monitoring

Log Indicators:

  • Unusually high CPU usage by Chicken processes
  • Increased processing time for specific inputs

Network Indicators:

  • Patterns of crafted requests to Chicken-based services

SIEM Query:

process.name:"csi" AND cpu.usage > 90%
