10

CVE-2014-7187

Exploit

EPSS 89.37%
Veröffentlicht 28.09.2014 19:55:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 126

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Bash Version1.14.0

Gnu ≫ Bash Version1.14.1

Gnu ≫ Bash Version1.14.2

Gnu ≫ Bash Version1.14.3

Gnu ≫ Bash Version1.14.4

Gnu ≫ Bash Version1.14.5

Gnu ≫ Bash Version1.14.6

Gnu ≫ Bash Version1.14.7

Gnu ≫ Bash Version2.0

Gnu ≫ Bash Version2.01

Gnu ≫ Bash Version2.01.1

Gnu ≫ Bash Version2.02

Gnu ≫ Bash Version2.02.1

Gnu ≫ Bash Version2.03

Gnu ≫ Bash Version2.04

Gnu ≫ Bash Version2.05

Gnu ≫ Bash Version2.05 Updatea

Gnu ≫ Bash Version2.05 Updateb

Gnu ≫ Bash Version3.0

Gnu ≫ Bash Version3.0.16

Gnu ≫ Bash Version3.1

Gnu ≫ Bash Version3.2

Gnu ≫ Bash Version3.2.48

Gnu ≫ Bash Version4.0

Gnu ≫ Bash Version4.0 Updaterc1

Gnu ≫ Bash Version4.1

Gnu ≫ Bash Version4.2

Gnu ≫ Bash Version4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	89.37%	0.995

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

https://support.apple.com/HT205267

http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

http://support.apple.com/HT204244

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

http://jvn.jp/en/jp/JVN55667175/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html

http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

http://marc.info/?l=bugtraq&m=141330468527613&w=2

http://marc.info/?l=bugtraq&m=141345648114150&w=2

http://marc.info/?l=bugtraq&m=141383026420882&w=2

http://marc.info/?l=bugtraq&m=141383081521087&w=2

http://marc.info/?l=bugtraq&m=141383138121313&w=2

http://marc.info/?l=bugtraq&m=141383196021590&w=2

http://marc.info/?l=bugtraq&m=141383244821813&w=2

http://marc.info/?l=bugtraq&m=141383304022067&w=2

http://marc.info/?l=bugtraq&m=141450491804793&w=2

http://marc.info/?l=bugtraq&m=141576728022234&w=2

http://marc.info/?l=bugtraq&m=141577137423233&w=2

http://marc.info/?l=bugtraq&m=141577241923505&w=2

http://marc.info/?l=bugtraq&m=141577297623641&w=2

http://marc.info/?l=bugtraq&m=141585637922673&w=2

http://marc.info/?l=bugtraq&m=141694386919794&w=2

http://marc.info/?l=bugtraq&m=141879528318582&w=2

http://marc.info/?l=bugtraq&m=142118135300698&w=2

http://marc.info/?l=bugtraq&m=142358026505815&w=2

http://marc.info/?l=bugtraq&m=142358078406056&w=2

http://marc.info/?l=bugtraq&m=142721162228379&w=2

http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

http://rhn.redhat.com/errata/RHSA-2014-1354.html

http://seclists.org/fulldisclosure/2014/Oct/0

http://secunia.com/advisories/58200

http://secunia.com/advisories/59907

http://secunia.com/advisories/60024

http://secunia.com/advisories/60034

http://secunia.com/advisories/60044

http://secunia.com/advisories/60055

http://secunia.com/advisories/60063

http://secunia.com/advisories/60193

http://secunia.com/advisories/60433

http://secunia.com/advisories/61065

http://secunia.com/advisories/61128

http://secunia.com/advisories/61129

http://secunia.com/advisories/61188

http://secunia.com/advisories/61283

http://secunia.com/advisories/61287

http://secunia.com/advisories/61291

http://secunia.com/advisories/61312

http://secunia.com/advisories/61313

http://secunia.com/advisories/61328

http://secunia.com/advisories/61442

http://secunia.com/advisories/61485

http://secunia.com/advisories/61503

http://secunia.com/advisories/61550

http://secunia.com/advisories/61552

http://secunia.com/advisories/61565

http://secunia.com/advisories/61603

http://secunia.com/advisories/61633

http://secunia.com/advisories/61641

http://secunia.com/advisories/61643

http://secunia.com/advisories/61654

http://secunia.com/advisories/61703

http://secunia.com/advisories/61816

http://secunia.com/advisories/61855

http://secunia.com/advisories/61857

http://secunia.com/advisories/61873

http://secunia.com/advisories/62312

http://secunia.com/advisories/62343

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279

http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

http://www-01.ibm.com/support/docview.wss?uid=swg21685733

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

http://www-01.ibm.com/support/docview.wss?uid=swg21685914

http://www-01.ibm.com/support/docview.wss?uid=swg21686084

http://www-01.ibm.com/support/docview.wss?uid=swg21686131

http://www-01.ibm.com/support/docview.wss?uid=swg21686246

http://www-01.ibm.com/support/docview.wss?uid=swg21686445

http://www-01.ibm.com/support/docview.wss?uid=swg21686447

http://www-01.ibm.com/support/docview.wss?uid=swg21686479

http://www-01.ibm.com/support/docview.wss?uid=swg21686494

http://www-01.ibm.com/support/docview.wss?uid=swg21687079

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

http://www.mandriva.com/security/advisories?name=MDVSA-2015:164

http://www.novell.com/support/kb/doc.php?id=7015721

http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

http://www.qnap.com/i/en/support/con_show.php?cid=61

http://www.securityfocus.com/archive/1/533593/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2014-0010.html

https://kb.bluecoat.com/index?page=content&id=SA82

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

https://kc.mcafee.com/corporate/index?page=content&id=SB10085

https://support.citrix.com/article/CTX200217

https://support.citrix.com/article/CTX200223

https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

https://www.suse.com/support/shellshock/

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

http://rhn.redhat.com/errata/RHSA-2014-1311.html

http://rhn.redhat.com/errata/RHSA-2014-1312.html

http://secunia.com/advisories/61479

http://secunia.com/advisories/61618

http://secunia.com/advisories/61622

http://marc.info/?l=bugtraq&m=142289270617409&w=2

http://openwall.com/lists/oss-security/2014/09/25/32

Exploit

http://openwall.com/lists/oss-security/2014/09/26/2

http://openwall.com/lists/oss-security/2014/09/28/10

http://secunia.com/advisories/61636

http://www.ubuntu.com/usn/USN-2364-1

http://support.novell.com/security/cve/CVE-2014-7187.html

https://nvd.nist.gov/vuln/detail/CVE-2014-7187

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7187

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7187

EUVD