Lucene search

[email protected]CVE-2014-7187

HistorySep 28, 2014 - 7:55 p.m.

CVE-2014-7187

2014-09-2819:55:00

CWE-119

[email protected]

web.nvd.nist.gov

167

cve-2014-7187

information security

gnu bash

vulnerability

out-of-bounds array access

application crash

9.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the “word_lineno” issue.

CPENameOperatorVersion
gnu:bashgnu basheq4.0
gnu:bashgnu basheq4.3
gnu:bashgnu basheq3.2.48
gnu:bashgnu basheq1.14.3
gnu:bashgnu basheq4.1
gnu:bashgnu basheq2.05
gnu:bashgnu basheq1.14.1
gnu:bashgnu basheq3.0
gnu:bashgnu basheq2.01
gnu:bashgnu basheq2.04

CPE	Name	Operator	Version
gnu:bash	gnu bash	eq	4.0
gnu:bash	gnu bash	eq	4.3
gnu:bash	gnu bash	eq	3.2.48
gnu:bash	gnu bash	eq	1.14.3
gnu:bash	gnu bash	eq	4.1
gnu:bash	gnu bash	eq	2.05
gnu:bash	gnu bash	eq	1.14.1
gnu:bash	gnu bash	eq	3.0
gnu:bash	gnu bash	eq	2.01
gnu:bash	gnu bash	eq	2.04

Rows per page:

1-10 of 251

References

jvn.jp/en/jp/JVN55667175/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000126

lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

lists.opensuse.org/opensuse-updates/2014-10/msg00023.html

lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

marc.info/?l=bugtraq&m=141330468527613&w=2

marc.info/?l=bugtraq&m=141345648114150&w=2

marc.info/?l=bugtraq&m=141383026420882&w=2

marc.info/?l=bugtraq&m=141383081521087&w=2

marc.info/?l=bugtraq&m=141383138121313&w=2

marc.info/?l=bugtraq&m=141383196021590&w=2

marc.info/?l=bugtraq&m=141383244821813&w=2

marc.info/?l=bugtraq&m=141383304022067&w=2

marc.info/?l=bugtraq&m=141450491804793&w=2

marc.info/?l=bugtraq&m=141576728022234&w=2

marc.info/?l=bugtraq&m=141577137423233&w=2

marc.info/?l=bugtraq&m=141577241923505&w=2

marc.info/?l=bugtraq&m=141577297623641&w=2

marc.info/?l=bugtraq&m=141585637922673&w=2

marc.info/?l=bugtraq&m=141694386919794&w=2

marc.info/?l=bugtraq&m=141879528318582&w=2

marc.info/?l=bugtraq&m=142118135300698&w=2

marc.info/?l=bugtraq&m=142289270617409&w=2

marc.info/?l=bugtraq&m=142358026505815&w=2

marc.info/?l=bugtraq&m=142358078406056&w=2

marc.info/?l=bugtraq&m=142721162228379&w=2

openwall.com/lists/oss-security/2014/09/25/32

openwall.com/lists/oss-security/2014/09/26/2

openwall.com/lists/oss-security/2014/09/28/10

packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

rhn.redhat.com/errata/RHSA-2014-1311.html

rhn.redhat.com/errata/RHSA-2014-1312.html

rhn.redhat.com/errata/RHSA-2014-1354.html

seclists.org/fulldisclosure/2014/Oct/0

secunia.com/advisories/58200

secunia.com/advisories/59907

secunia.com/advisories/60024

secunia.com/advisories/60034

secunia.com/advisories/60044

secunia.com/advisories/60055

secunia.com/advisories/60063

secunia.com/advisories/60193

secunia.com/advisories/60433

secunia.com/advisories/61065

secunia.com/advisories/61128

secunia.com/advisories/61129

secunia.com/advisories/61188

secunia.com/advisories/61283

secunia.com/advisories/61287

secunia.com/advisories/61291

secunia.com/advisories/61312

secunia.com/advisories/61313

secunia.com/advisories/61328

secunia.com/advisories/61442

secunia.com/advisories/61479

secunia.com/advisories/61485

secunia.com/advisories/61503

secunia.com/advisories/61550

secunia.com/advisories/61552

secunia.com/advisories/61565

secunia.com/advisories/61603

secunia.com/advisories/61618

secunia.com/advisories/61622

secunia.com/advisories/61633

secunia.com/advisories/61636

secunia.com/advisories/61641

secunia.com/advisories/61643

secunia.com/advisories/61654

secunia.com/advisories/61703

secunia.com/advisories/61816

secunia.com/advisories/61855

secunia.com/advisories/61857

secunia.com/advisories/61873

secunia.com/advisories/62312

secunia.com/advisories/62343

support.apple.com/HT204244

support.novell.com/security/cve/CVE-2014-7187.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

www-01.ibm.com/support/docview.wss?uid=isg3T1021272

www-01.ibm.com/support/docview.wss?uid=isg3T1021279

www-01.ibm.com/support/docview.wss?uid=isg3T1021361

www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

www-01.ibm.com/support/docview.wss?uid=swg21685604

www-01.ibm.com/support/docview.wss?uid=swg21685733

www-01.ibm.com/support/docview.wss?uid=swg21685749

www-01.ibm.com/support/docview.wss?uid=swg21685914

www-01.ibm.com/support/docview.wss?uid=swg21686084

www-01.ibm.com/support/docview.wss?uid=swg21686131

www-01.ibm.com/support/docview.wss?uid=swg21686246

www-01.ibm.com/support/docview.wss?uid=swg21686445

www-01.ibm.com/support/docview.wss?uid=swg21686447

www-01.ibm.com/support/docview.wss?uid=swg21686479

www-01.ibm.com/support/docview.wss?uid=swg21686494

www-01.ibm.com/support/docview.wss?uid=swg21687079

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

www.mandriva.com/security/advisories?name=MDVSA-2015:164

www.novell.com/support/kb/doc.php?id=7015721

www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

www.qnap.com/i/en/support/con_show.php?cid=61

www.securityfocus.com/archive/1/533593/100/0/threaded

www.ubuntu.com/usn/USN-2364-1

www.vmware.com/security/advisories/VMSA-2014-0010.html

kb.bluecoat.com/index?page=content&id=SA82

kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

kc.mcafee.com/corporate/index?page=content&id=SB10085

support.apple.com/HT205267

support.citrix.com/article/CTX200217

support.citrix.com/article/CTX200223

support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

www.suse.com/support/shellshock/

9.8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

CVE-2014-7187

References

Related