What is CVE-2014-7186?

CVE-2014-7186 is a vulnerability in Gnu Bash, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-09-28.

Is CVE-2014-7186 known to be exploited?

39 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Gnu Bash

CVE-2014-7186

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use…

Vulnerability class: Buffer Overflow

EPSS: 0.893 (99.6th percentile) — read the EPSS interpretation.

Affected products

Gnu Bash — versions 1.14.0, 1.14.1, 1.14.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
HPSBMU03165 (x_refsource_HP, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
HPSBST03131 (x_refsource_HP, vendor-advisory)
SSRT101819 (x_refsource_HP, vendor-advisory)
20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
HPSBMU03245 (x_refsource_HP, vendor-advisory)
openSUSE-SU-2014:1229 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-7186?: CVE-2014-7186 is a vulnerability in Gnu Bash, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-09-28.
Is CVE-2014-7186 known to be exploited?: 39 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.