CVE-2014-7817
published 2014-11-24
medium 4.6 (CVSS 3.1)
AV:L/AC:L/Au:N/C:P/I:P/A:P
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | glibc | < glibc 2.19-14 (bookworm) | glibc 2.19-14 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.4 | 2.19-0ubuntu6.4 |
| gnu | glibc | — | — |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| gnu | glibc | >= 0 < 2.19-14 | 2.19-14 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
nvd: 4.6 MEDIUM, AV:L/AC:L/Au:N/C:P/I:P/A:P
osv: 5.0 MEDIUM