CVE-2012-3410

CWE-119 — Buffer Overflow CWE-121 — Stack-based Buffer Overflow7 documents7 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 75.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Bash

Timeline

PublishedAug 27

Latest updateMay 17

Description

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶Debianbash< 4.2-4+3

▶NVDgnu/bash4.2

Patches

Patch: ftp.gnu.org ↗Patch: bugs.debian.org ↗Patch: ftp.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-8g5r-93v7-fh2w: Stack-based buffer overflow in lib/sh/eaccess↗2022-05-17

▶

OSV

CVE-2012-3410: Stack-based buffer overflow in lib/sh/eaccess↗2012-08-27

▶

CVEList

CVE-2012-3410: Stack-based buffer overflow in lib/sh/eaccess↗2012-08-27

▶

📋Vendor Advisories

Red Hat

bash: Stack-based buffer overflow (crash) when expanding /dev/fd file names↗2012-07-10

▶

Debian

CVE-2012-3410: bash - Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 ...↗2012

▶

💬Community

Bugzilla

CVE-2012-3410 bash: Stack-based buffer overflow (crash) when expanding /dev/fd file names↗2012-07-13

▶