GNU Bash processes trailing strings after function definitions in the values of environment variables. This processing allows remote attackers to execute arbitrary code through a crafted environment.
CVSS Base Score: 10
CVSS Temporal Score: 8.3
CVSS 2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
GNU Bash through version 4.3 bash43-026 does not properly parse function definitions in the values of environment variables. This failure to properly parse function definitions allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) through a crafted environment.
CVSS Base Score: 10
CVSS Temporal Score: 8.3
CVSS 2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
GNU Bash through version 4.3 bash43-026 does not properly parse function definitions in the values of environment variables. This failure to properly parse function definitions allows remote attackers to execute arbitrary commands through a crafted environment.
CVSS Base Score: 10
CVSS Temporal Score: 8.3
CVSS 2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
GNU Bash processes trailing strings after certain malformed function definitions in the values of environment variables. This processing allows remote attackers to write to files and may have some other unknown impact through a crafted environment.
CVSS Base Score: 10
CVSS Temporal Score: 8.3
CVSS 2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
The redirection implementation in parse.y in GNU Bash through version 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly some other unspecified impact through crafted use of here documents. This issue is also known as the redir_stack issue.
CVSS Base Score: 10
CVSS Temporal Score: 8.3
CVSS 2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
An off-by-one error in the read_token_word function in parse.y in GNU Bash through version 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly some other unspecified impact through deeply nested for loops. This issue is also known as the word_lineno issue.
CVSS Base Score: 10
CVSS Temporal Score: 8.3
CVSS 2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
NVIDIA’s risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a local security or IT professional to evaluate the risk of your specific configuration.