CVE-2016-0634
published 2017-08-28CVE-2016-0634: The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in…
high7.5CVSS 3.0
AVNACHPRLUINSUCHIHAH
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bash | < bash 4.4-1 (bookworm) | bash 4.4-1 (bookworm) |
| gnu | bash | — | — |
| gnu | bash | >= 0 < 4.4-1 | 4.4-1 |
| gnu | bash | >= 0 < 4.4-1 | 4.4-1 |
| gnu | bash | >= 0 < 4.4-1 | 4.4-1 |
| gnu | bash | >= 0 < 4.4-1 | 4.4-1 |
| gnu | bash | >= 0 < 4.3-7ubuntu1.7 | 4.3-7ubuntu1.7 |
| gnu | bash | >= 0 < 4.3-14ubuntu1.2 | 4.3-14ubuntu1.2 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.5HIGH