Gnu Bash
8 CVEs affecting Gnu Bash. Latest disclosed: 2017-08-28. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-7543 | High | 8.4 | 2017-01-19 | Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. |
CVE-2017-5932 | High | 7.8 | 2017-03-27 | The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a comma… |
CVE-2016-0634 | High | 7.5 | 2017-08-28 | The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname… |
CVE-2016-9401 | Medium | 5.5 | 2017-01-23 | popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. |
CVE-2014-7187 | | 2014-09-28 | Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bou… | |
CVE-2014-7186 | | 2014-09-28 | The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access a… | |
CVE-2014-6277 | | 2014-09-27 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute a… | |
CVE-2012-3410 | | 2012-08-27 | Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long f… |