Lucene search

[email protected]CVE-2014-7186

HistorySep 28, 2014 - 7:55 p.m.

CVE-2014-7186

2014-09-2819:55:06

CWE-119

[email protected]

web.nvd.nist.gov

174

cve-2014-7186

gnu bash

parse.y

denial of service

remote attackers

application crash

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.975 High

EPSS

Percentile

100.0%

JSON

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the “redir_stack” issue.

Affected configurations

NVD

Node

gnubashMatch1.14.0

gnubashMatch1.14.1

gnubashMatch1.14.2

gnubashMatch1.14.3

gnubashMatch1.14.4

gnubashMatch1.14.5

gnubashMatch1.14.6

gnubashMatch1.14.7

gnubashMatch2.0

gnubashMatch2.01

gnubashMatch2.01.1

gnubashMatch2.02

gnubashMatch2.02.1

gnubashMatch2.03

gnubashMatch2.04

gnubashMatch2.05

gnubashMatch2.05a

gnubashMatch2.05b

gnubashMatch3.0

gnubashMatch3.0.16

gnubashMatch3.1

gnubashMatch3.2

gnubashMatch3.2.48

gnubashMatch4.0

gnubashMatch4.0rc1

gnubashMatch4.1

gnubashMatch4.2

gnubashMatch4.3

CPENameOperatorVersion
gnu:bashgnu basheq1.14.0
gnu:bashgnu basheq1.14.1
gnu:bashgnu basheq1.14.2
gnu:bashgnu basheq1.14.3
gnu:bashgnu basheq1.14.4
gnu:bashgnu basheq1.14.5
gnu:bashgnu basheq1.14.6
gnu:bashgnu basheq1.14.7
gnu:bashgnu basheq2.0
gnu:bashgnu basheq2.01

CPE	Name	Operator	Version
gnu:bash	gnu bash	eq	1.14.0
gnu:bash	gnu bash	eq	1.14.1
gnu:bash	gnu bash	eq	1.14.2
gnu:bash	gnu bash	eq	1.14.3
gnu:bash	gnu bash	eq	1.14.4
gnu:bash	gnu bash	eq	1.14.5
gnu:bash	gnu bash	eq	1.14.6
gnu:bash	gnu bash	eq	1.14.7
gnu:bash	gnu bash	eq	2.0
gnu:bash	gnu bash	eq	2.01

Rows per page:

1-10 of 251

References

jvn.jp/en/jp/JVN55667175/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000126

lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

marc.info/?l=bugtraq&m=141330468527613&w=2

marc.info/?l=bugtraq&m=141345648114150&w=2

marc.info/?l=bugtraq&m=141383026420882&w=2

marc.info/?l=bugtraq&m=141383081521087&w=2

marc.info/?l=bugtraq&m=141383138121313&w=2

marc.info/?l=bugtraq&m=141383196021590&w=2

marc.info/?l=bugtraq&m=141383244821813&w=2

marc.info/?l=bugtraq&m=141383304022067&w=2

marc.info/?l=bugtraq&m=141450491804793&w=2

marc.info/?l=bugtraq&m=141576728022234&w=2

marc.info/?l=bugtraq&m=141577137423233&w=2

marc.info/?l=bugtraq&m=141577241923505&w=2

marc.info/?l=bugtraq&m=141577297623641&w=2

marc.info/?l=bugtraq&m=141585637922673&w=2

marc.info/?l=bugtraq&m=141694386919794&w=2

marc.info/?l=bugtraq&m=141879528318582&w=2

marc.info/?l=bugtraq&m=142113462216480&w=2

marc.info/?l=bugtraq&m=142118135300698&w=2

marc.info/?l=bugtraq&m=142289270617409&w=2

marc.info/?l=bugtraq&m=142358026505815&w=2

marc.info/?l=bugtraq&m=142358078406056&w=2

marc.info/?l=bugtraq&m=142721162228379&w=2

openwall.com/lists/oss-security/2014/09/25/32

openwall.com/lists/oss-security/2014/09/26/2

openwall.com/lists/oss-security/2014/09/28/10

packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

rhn.redhat.com/errata/RHSA-2014-1311.html

rhn.redhat.com/errata/RHSA-2014-1312.html

rhn.redhat.com/errata/RHSA-2014-1354.html

seclists.org/fulldisclosure/2014/Oct/0

secunia.com/advisories/58200

secunia.com/advisories/59907

secunia.com/advisories/60024

secunia.com/advisories/60034

secunia.com/advisories/60044

secunia.com/advisories/60055

secunia.com/advisories/60063

secunia.com/advisories/60193

secunia.com/advisories/60433

secunia.com/advisories/61065

secunia.com/advisories/61128

secunia.com/advisories/61129

secunia.com/advisories/61188

secunia.com/advisories/61283

secunia.com/advisories/61287

secunia.com/advisories/61291

secunia.com/advisories/61312

secunia.com/advisories/61313

secunia.com/advisories/61328

secunia.com/advisories/61442

secunia.com/advisories/61471

secunia.com/advisories/61479

secunia.com/advisories/61485

secunia.com/advisories/61503

secunia.com/advisories/61550

secunia.com/advisories/61552

secunia.com/advisories/61565

secunia.com/advisories/61603

secunia.com/advisories/61618

secunia.com/advisories/61622

secunia.com/advisories/61633

secunia.com/advisories/61636

secunia.com/advisories/61641

secunia.com/advisories/61643

secunia.com/advisories/61654

secunia.com/advisories/61703

secunia.com/advisories/61711

secunia.com/advisories/61780

secunia.com/advisories/61816

secunia.com/advisories/61873

secunia.com/advisories/62228

secunia.com/advisories/62312

secunia.com/advisories/62343

support.apple.com/HT204244

support.novell.com/security/cve/CVE-2014-7186.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

www-01.ibm.com/support/docview.wss?uid=isg3T1021272

www-01.ibm.com/support/docview.wss?uid=isg3T1021279

www-01.ibm.com/support/docview.wss?uid=isg3T1021361

www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

www-01.ibm.com/support/docview.wss?uid=swg21685541

www-01.ibm.com/support/docview.wss?uid=swg21685604

www-01.ibm.com/support/docview.wss?uid=swg21685733

www-01.ibm.com/support/docview.wss?uid=swg21685749

www-01.ibm.com/support/docview.wss?uid=swg21685914

www-01.ibm.com/support/docview.wss?uid=swg21686084

www-01.ibm.com/support/docview.wss?uid=swg21686131

www-01.ibm.com/support/docview.wss?uid=swg21686246

www-01.ibm.com/support/docview.wss?uid=swg21686445

www-01.ibm.com/support/docview.wss?uid=swg21686447

www-01.ibm.com/support/docview.wss?uid=swg21686479

www-01.ibm.com/support/docview.wss?uid=swg21686494

www-01.ibm.com/support/docview.wss?uid=swg21687079

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

www.mandriva.com/security/advisories?name=MDVSA-2015:164

www.novell.com/support/kb/doc.php?id=7015721

www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

www.qnap.com/i/en/support/con_show.php?cid=61

www.securityfocus.com/archive/1/533593/100/0/threaded

www.ubuntu.com/usn/USN-2364-1

www.vmware.com/security/advisories/VMSA-2014-0010.html

kb.bluecoat.com/index?page=content&id=SA82

kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

kc.mcafee.com/corporate/index?page=content&id=SB10085

support.apple.com/HT205267

support.citrix.com/article/CTX200217

support.citrix.com/article/CTX200223

support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

www.suse.com/support/shellshock/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.975 High

EPSS

Percentile

100.0%

JSON

CVE-2014-7186

Affected configurations

References

Related