CVE-2016-7543
published 2017-01-19CVE-2016-7543: Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
high8.4CVSS 3.0
AVLACLPRNUINSUCHIHAH
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bash | < bash 4.4-1 (bookworm) | bash 4.4-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnu | bash | <= 4.3 | — |
| gnu | bash | >= 0 < 4.4-1 | 4.4-1 |
| gnu | bash | >= 0 < 4.4-1 | 4.4-1 |
| gnu | bash | >= 0 < 4.4-1 | 4.4-1 |
| gnu | bash | >= 0 < 4.4-1 | 4.4-1 |
| gnu | bash | >= 0 < 4.3-7ubuntu1.7 | 4.3-7ubuntu1.7 |
| gnu | bash | >= 0 < 4.3-14ubuntu1.2 | 4.3-14ubuntu1.2 |
CVSS provenance
nvdv3.08.4HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.4HIGH