Skip to content

GNU Bash through 4.3 bash43-025 processes trailing...

High severity Unreviewed Published May 13, 2022 to the GitHub Advisory Database • Updated Jul 24, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

References

Published by the National Vulnerability Database Sep 25, 2014
Published to the GitHub Advisory Database May 13, 2022
Last updated Jul 24, 2024

Severity

High

EPSS score

90.435%
(99th percentile)

Weaknesses

CVE ID

CVE-2014-7169

GHSA ID

GHSA-f7j6-xrjp-vffg

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.