CVE-2012-6123

UNRATEDJSON export Create alert

Description

Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."

Affected products

chicken / chickenbefore 4.8.0 – before 4.8.0

References

VENDOR_ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-6123
VENDOR_ADVISORYhttps://access.redhat.com/security/cve/cve-2012-6123
MAILING_LISThttp://www.openwall.com/lists/oss-security/2013/02/08/2