What is CVE-2014-6277?

CVE-2014-6277 is a vulnerability in Gnu Bash, classified under OS Command Injection. Published 2014-09-27.

Is CVE-2014-6277 known to be exploited?

23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Gnu Bash

CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and unt…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.868 (99.4th percentile) — read the EPSS interpretation.

Affected products

Gnu Bash — versions 1.14.0, 1.14.1, 1.14.2
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

security@debian.org (x_refsource_CONFIRM)
security@debian.org (x_refsource_CONFIRM)
HPSBMU03165 (x_refsource_HP, vendor-advisory)
security@debian.org (x_refsource_CONFIRM)
security@debian.org (x_refsource_CONFIRM)
SSRT101819 (x_refsource_HP, vendor-advisory)
HPSBMU03245 (x_refsource_HP, vendor-advisory)
security@debian.org (x_refsource_CONFIRM)
JVN#55667175 (x_refsource_JVN, third-party-advisory)
60433 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2014-6277?: CVE-2014-6277 is a vulnerability in Gnu Bash, classified under OS Command Injection. Published 2014-09-27.
Is CVE-2014-6277 known to be exploited?: 23 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.