
Vasilij Schneidermann

#15659 of 53,635
17.3 CVSS total
Vulnerabilities · 2
High: 1
Critical: 1
PT-2017-9029
9.8
2017-01-10
Chicken · Chicken Scheme · CVE-2016-6830
**Name of the Vulnerable Software and Affected Versions**
CHICKEN Scheme versions prior to 4.12

**Description**
The issue arises from the "process-execute" and "process-spawn" procedures in CHICKEN Scheme, which utilize fixed-size buffers to hold arguments and environment variables for the execve() call. This can lead to a buffer overrun when user-supplied argument or environment variable lists are used.

**Recommendations**
For versions prior to 4.12, update to version 4.12 or 5.0 when available to resolve the issue. As a temporary workaround, consider restricting the use of the "process-execute" and "process-spawn" procedures to minimize the risk of exploitation.
PT-2017-9030
7.5
2017-01-10
Chicken · Chicken · CVE-2016-6831
**Name of the Vulnerable Software and Affected Versions**
CHICKEN versions prior to 4.12

**Description**
The issue arises from the `process-execute` and `process-spawn` procedures not freeing memory correctly when the `execve()` call fails, leading to a memory leak. This could be exploited by an attacker to cause resource exhaustion or a denial of service.

**Recommendations**
For versions prior to 4.12, update to version 4.12 or 5.0 when available to resolve the issue. As a temporary workaround, consider implementing measures to monitor and limit resource usage to minimize the risk of exploitation.