5 matches found

CVE
added 2014/09/30 10:55 a.m. | 366 views

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and ...

10 CVSS | 9.9 AI score | 0.9422 EPSS

CVE
added 2014/09/27 10:55 p.m. | 313 views

CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted envi...

10 CVSS | 8.7 AI score | 0.9422 EPSS

CVE
added 2014/09/28 7:55 p.m. | 199 views

CVE-2014-7186

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

10 CVSS | 7.5 AI score | 0.90345 EPSS

CVE
added 2014/09/28 7:55 p.m. | 193 views

CVE-2014-7187

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

10 CVSS | 7.6 AI score | 0.90099 EPSS

CVE
added 2017/08/28 3:29 p.m. | 162 views

CVE-2016-0634

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

7.5 CVSS | 6.8 AI score | 0.03183 EPSS