Buffer overflow in Gnu Bash

CVE-2012-3410

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd pre…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (24.4th percentile) — read the EPSS interpretation.

Affected products

Gnu Bash — versions 4.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33 (mailing-list, x_refsource_MLIST)
MDVSA-2012:128 (vendor-advisory, x_refsource_MANDRIVA)
bash-devfd-bo(77551) (vdb-entry, x_refsource_XF)
openSUSE-SU-2012:0898 (vendor-advisory, x_refsource_SUSE)
51086 (x_refsource_SECUNIA, third-party-advisory)
[oss-security] 20120711 CVE Request: Overflow fix in bash 4.2 patch 33 (mailing-list, x_refsource_MLIST)
54937 (vdb-entry, x_refsource_BID)
GLSA-201210-05 (vendor-advisory, x_refsource_GENTOO)
secalert@redhat.com (Patch, x_refsource_MISC)
[oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33 (mailing-list, x_refsource_MLIST)