7.8

CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuBash Version4.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.339
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/02/08/3
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/96136
Third Party Advisory
VDB Entry
https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html
Patch
Vendor Advisory
Mailing List