CVE-2016-0634

CWE-78 — OS Command Injection10 documents8 sources

Severity

7.5HIGH

EPSS

2.2%

top 15.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Bash

Timeline

PublishedAug 28

Latest updateMay 14

Description

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

▶Debianbash< 4.4-1+3

▶Ubuntubash< 4.3-7ubuntu1.7+1

▶NVDgnu/bash4.3

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-h2ww-3j54-pccx: The expansion of '\h' in the prompt string in bash 4↗2022-05-14

▶

CVEList

CVE-2016-0634: The expansion of '\h' in the prompt string in bash 4↗2017-08-28

▶

OSV

CVE-2016-0634: The expansion of '\h' in the prompt string in bash 4↗2017-08-28

▶

OSV

bash vulnerabilities↗2017-05-17

▶

📋Vendor Advisories

Ubuntu

Bash vulnerabilities↗2017-05-17

▶

Debian

CVE-2016-0634: bash - The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticat...↗2016

▶

Red Hat

bash: Arbitrary code execution via malicious hostname↗2015-10-16

▶

💬Community

Bugzilla

CVE-2016-0634 bash: Arbitrary code execution via malicious hostname↗2016-09-20

▶

Bugzilla

CVE-2016-0634 bash: Arbitrary code execution via malicious hostname [fedora-all]↗2016-09-20

▶