CVE-2014-7169: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

KEVITWEXPLOIT

CISA Known Exploited Vulnerabilitydue 2022-07-28

Exploited in the wild

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Affected

288 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	mac_os_x	>= 10.0.0 < 10.10.0	10.10.0
arista	eos	>= 4.10.0 < 4.10.9	4.10.9
arista	eos	>= 4.11.0 < 4.11.11	4.11.11
arista	eos	>= 4.12.0 < 4.12.9	4.12.9
arista	eos	>= 4.13.0 < 4.13.9	4.13.9
arista	eos	>= 4.14.0 < 4.14.4f	4.14.4f
arista	eos	>= 4.9.0 < 4.9.12	4.9.12
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
checkpoint	security_gateway	< r77.30	r77.30
citrix	citrix_adm	—	—
citrix	citrix_hypervisor	—	—
citrix	citrix_netscaler_adc	—	—
citrix	citrix_netscaler_sdx	—	—
citrix	citrix_virtual_apps_and_desktops	—	—
citrix	citrix_xenapp	—	—
citrix	citrix_xendesktop	—	—
citrix	citrix_xenmobile	—	—
citrix	citrix_xenserver	—	—
citrix	endpoint_management	—	—
citrix	netscaler_adc	—	—
citrix	netscaler_gateway	—	—
citrix	netscaler_sdx	—	—
citrix	netscaler_sdx_firmware	< 9.3.67.5r1	9.3.67.5r1

CVSS provenance

nvd10.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL

vulncheck9.8CRITICAL

cisa9.8CRITICAL