CVE-2014-7186 and CVE-2014-7187 – Bash Out of Bounds
Moderate
Canonical Ubuntu
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the ‘word_lineno’ issue.
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the ‘redir_stack’ issue.
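As an added example, not taken from this advisory or from the Cloud Foundry project, the POSIX shell function below maps the first line of a `bash --version` banner onto the affected range the CVE text gives ("through 4.3 bash43-026"); the function name, the banner parsing and the exit-code convention are assumptions of this example.

```shell
# bash_version_affected BANNER
# Returns 0 if BANNER names an upstream bash version inside the affected
# range stated above (anything up to and including 4.3 patch level 26),
# 1 if it is outside that range, 2 if no x.y.z version could be parsed.
# BANNER is assumed to look like the first line of `bash --version`,
# e.g. "GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)".
bash_version_affected() {
    # Pull "major minor patch" out of the first x.y.z triple in the banner.
    ver=$(printf '%s\n' "$1" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ -n "$ver" ] || return 2          # nothing that looks like a version
    set -- $ver                        # positional params are local to the function
    major=$1; minor=$2; patch=$3
    # Everything before 4.3 is "through 4.3 bash43-026", hence affected.
    if [ "$major" -lt 4 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -lt 3 ]; then return 0; fi
    # 4.3 itself is affected up to and including patch level 26.
    if [ "$major" -eq 4 ] && [ "$minor" -eq 3 ] && [ "$patch" -le 26 ]; then return 0; fi
    return 1
}

# Demonstration against whatever bash is installed locally (if any).
if bash_version_affected "$(bash --version 2>/dev/null | head -n 1)"; then
    echo "installed bash reports an upstream version inside the affected range"
else
    echo "installed bash reports a version outside the affected range (or no parseable version)"
fi
```

Distribution packages often backport the fix without raising the upstream patch level shown in the banner, so a hit here means "check the package changelog", not confirmed exposure.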
The Cloud Foundry project is unaware of vulnerable versions of bash potentially allowing a denial of service remotely. No exploits have been identified or confirmed yet.
_Severity is moderate unless otherwise noted._
Users of affected versions should apply the following mitigation:
Florian Weimer and Todd Sabin
2014-Sep-29: Initial vulnerability report published.