Vulnerability Description
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Bash | 1.14.0 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN55667175/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
- http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html
- http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
- http://marc.info/?l=bugtraq&m=141330468527613&w=2
- http://marc.info/?l=bugtraq&m=141345648114150&w=2
- http://marc.info/?l=bugtraq&m=141383026420882&w=2
- http://marc.info/?l=bugtraq&m=141383081521087&w=2
FAQ
What is CVE-2014-7187?
CVE-2014-7187 is a vulnerability with a CVSS score of 10.0 (HIGH). Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) o...
How severe is CVE-2014-7187?
CVE-2014-7187 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-7187?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Bash.