Vulnerability Description
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.
CVSS Score
10.0 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GNU | Bash | 1.14.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN55667175/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
- http://marc.info/?l=bugtraq&m=141330468527613&w=2
- http://marc.info/?l=bugtraq&m=141345648114150&w=2
- http://marc.info/?l=bugtraq&m=141383026420882&w=2
- http://marc.info/?l=bugtraq&m=141383081521087&w=2
- http://marc.info/?l=bugtraq&m=141383138121313&w=2
- http://marc.info/?l=bugtraq&m=141383196021590&w=2
FAQ
What is CVE-2014-7186?
CVE-2014-7186 is a vulnerability with a CVSS score of 10.0 (HIGH). The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have un...
How severe is CVE-2014-7186?
CVE-2014-7186 has been rated HIGH, with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-7186?
Check the references section above for vendor advisories and patch information. Affected products include: GNU Bash.