What is CVE-2014-7187?

CVE-2014-7187 is a vulnerability in Gnu Bash, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-09-28.

Is CVE-2014-7187 known to be exploited?

35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Gnu Bash

CVE-2014-7187

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impac…

Vulnerability class: Buffer Overflow

EPSS: 0.899 (99.6th percentile) — read the EPSS interpretation.

Affected products

Gnu Bash — versions 1.14.0, 1.14.1, 1.14.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
HPSBMU03165 (x_refsource_HP, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
HPSBST03131 (x_refsource_HP, vendor-advisory)
SSRT101819 (x_refsource_HP, vendor-advisory)
20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
HPSBMU03245 (x_refsource_HP, vendor-advisory)
openSUSE-SU-2014:1229 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-7187?: CVE-2014-7187 is a vulnerability in Gnu Bash, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-09-28.
Is CVE-2014-7187 known to be exploited?: 35 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.