CVE-2014-6277: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute…

critical10CVSS 3.1

AVNACLAuNCCICAC

EXPLOIT

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.

Affected

50 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	os_x_el_capitan_v10.11	—	—
apple	os_x_yosemite_v10.10.2_and_security_update_2015-001	—	—
citrix	citrix_netscaler_adc	—	—
citrix	citrix_netscaler_sdx	—	—
citrix	citrix_xenapp	—	—
citrix	citrix_xendesktop	—	—
citrix	citrix_xenmobile	—	—
citrix	citrix_xenserver	—	—
citrix	netscaler_adc	—	—
citrix	netscaler_gateway	—	—
citrix	netscaler_sdx	—	—
citrix	sharefile	—	—
citrix	xenapp	—	—
citrix	xendesktop	—	—
citrix	xenmobile	—	—
citrix	xenserver	—	—
debian	bash	< bash 4.3-9.2 (bookworm)	bash 4.3-9.2 (bookworm)
gnu	bash	—	—
gnu	bash	—	—
gnu	bash	—	—
gnu	bash	—	—
gnu	bash	—	—
gnu	bash	—	—
gnu	bash	—	—
gnu	bash	—	—

CVSS provenance

nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv10.0CRITICAL

vulncheck9.8CRITICAL

cisa8.8HIGH