Lucene search

MitreCVE-2014-7187

HistorySep 28, 2014 - 7:55 p.m.

CVE-2014-7187

2014-09-2819:55:06

CWE-119

mitre

web.nvd.nist.gov

177

cve-2014-7187

information security

gnu bash

vulnerability

out-of-bounds array access

application crash

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.973

Percentile

99.9%

JSON

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the “word_lineno” issue.

Affected configurations

Nvd

Node

gnubashMatch1.14.0

gnubashMatch1.14.1

gnubashMatch1.14.2

gnubashMatch1.14.3

gnubashMatch1.14.4

gnubashMatch1.14.5

gnubashMatch1.14.6

gnubashMatch1.14.7

gnubashMatch2.0

gnubashMatch2.01

gnubashMatch2.01.1

gnubashMatch2.02

gnubashMatch2.02.1

gnubashMatch2.03

gnubashMatch2.04

gnubashMatch2.05

gnubashMatch2.05a

gnubashMatch2.05b

gnubashMatch3.0

gnubashMatch3.0.16

gnubashMatch3.1

gnubashMatch3.2

gnubashMatch3.2.48

gnubashMatch4.0

gnubashMatch4.0rc1

gnubashMatch4.1

gnubashMatch4.2

gnubashMatch4.3

VendorProductVersionCPE
gnubash1.14.0cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
gnubash1.14.1cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
gnubash1.14.2cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
gnubash1.14.3cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
gnubash1.14.4cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
gnubash1.14.5cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
gnubash1.14.6cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
gnubash1.14.7cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
gnubash2.0cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
gnubash2.01cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	bash	1.14.0	cpe:2.3:a:gnu:bash:1.14.0:::::::*
gnu	bash	1.14.1	cpe:2.3:a:gnu:bash:1.14.1:::::::*
gnu	bash	1.14.2	cpe:2.3:a:gnu:bash:1.14.2:::::::*
gnu	bash	1.14.3	cpe:2.3:a:gnu:bash:1.14.3:::::::*
gnu	bash	1.14.4	cpe:2.3:a:gnu:bash:1.14.4:::::::*
gnu	bash	1.14.5	cpe:2.3:a:gnu:bash:1.14.5:::::::*
gnu	bash	1.14.6	cpe:2.3:a:gnu:bash:1.14.6:::::::*
gnu	bash	1.14.7	cpe:2.3:a:gnu:bash:1.14.7:::::::*
gnu	bash	2.0	cpe:2.3:a:gnu:bash:2.0:::::::*
gnu	bash	2.01	cpe:2.3:a:gnu:bash:2.01:::::::*

Rows per page:

1-10 of 281

References

jvn.jp/en/jp/JVN55667175/index.html

jvndb.jvn.jp/jvndb/JVNDB-2014-000126

lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html

lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html

lists.opensuse.org/opensuse-updates/2014-10/msg00023.html

lists.opensuse.org/opensuse-updates/2014-10/msg00025.html

marc.info/?l=bugtraq&m=141330468527613&w=2

marc.info/?l=bugtraq&m=141345648114150&w=2

marc.info/?l=bugtraq&m=141383026420882&w=2

marc.info/?l=bugtraq&m=141383081521087&w=2

marc.info/?l=bugtraq&m=141383138121313&w=2

marc.info/?l=bugtraq&m=141383196021590&w=2

marc.info/?l=bugtraq&m=141383244821813&w=2

marc.info/?l=bugtraq&m=141383304022067&w=2

marc.info/?l=bugtraq&m=141450491804793&w=2

marc.info/?l=bugtraq&m=141576728022234&w=2

marc.info/?l=bugtraq&m=141577137423233&w=2

marc.info/?l=bugtraq&m=141577241923505&w=2

marc.info/?l=bugtraq&m=141577297623641&w=2

marc.info/?l=bugtraq&m=141585637922673&w=2

marc.info/?l=bugtraq&m=141694386919794&w=2

marc.info/?l=bugtraq&m=141879528318582&w=2

marc.info/?l=bugtraq&m=142118135300698&w=2

marc.info/?l=bugtraq&m=142289270617409&w=2

marc.info/?l=bugtraq&m=142358026505815&w=2

marc.info/?l=bugtraq&m=142358078406056&w=2

marc.info/?l=bugtraq&m=142721162228379&w=2

openwall.com/lists/oss-security/2014/09/25/32

openwall.com/lists/oss-security/2014/09/26/2

openwall.com/lists/oss-security/2014/09/28/10

packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html

packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html

rhn.redhat.com/errata/RHSA-2014-1311.html

rhn.redhat.com/errata/RHSA-2014-1312.html

rhn.redhat.com/errata/RHSA-2014-1354.html

seclists.org/fulldisclosure/2014/Oct/0

secunia.com/advisories/58200

secunia.com/advisories/59907

secunia.com/advisories/60024

secunia.com/advisories/60034

secunia.com/advisories/60044

secunia.com/advisories/60055

secunia.com/advisories/60063

secunia.com/advisories/60193

secunia.com/advisories/60433

secunia.com/advisories/61065

secunia.com/advisories/61128

secunia.com/advisories/61129

secunia.com/advisories/61188

secunia.com/advisories/61283

secunia.com/advisories/61287

secunia.com/advisories/61291

secunia.com/advisories/61312

secunia.com/advisories/61313

secunia.com/advisories/61328

secunia.com/advisories/61442

secunia.com/advisories/61479

secunia.com/advisories/61485

secunia.com/advisories/61503

secunia.com/advisories/61550

secunia.com/advisories/61552

secunia.com/advisories/61565

secunia.com/advisories/61603

secunia.com/advisories/61618

secunia.com/advisories/61622

secunia.com/advisories/61633

secunia.com/advisories/61636

secunia.com/advisories/61641

secunia.com/advisories/61643

secunia.com/advisories/61654

secunia.com/advisories/61703

secunia.com/advisories/61816

secunia.com/advisories/61855

secunia.com/advisories/61857

secunia.com/advisories/61873

secunia.com/advisories/62312

secunia.com/advisories/62343

support.apple.com/HT204244

support.novell.com/security/cve/CVE-2014-7187.html

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

www-01.ibm.com/support/docview.wss?uid=isg3T1021272

www-01.ibm.com/support/docview.wss?uid=isg3T1021279

www-01.ibm.com/support/docview.wss?uid=isg3T1021361

www-01.ibm.com/support/docview.wss?uid=ssg1S1004879

www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

www-01.ibm.com/support/docview.wss?uid=ssg1S1004898

www-01.ibm.com/support/docview.wss?uid=ssg1S1004915

www-01.ibm.com/support/docview.wss?uid=swg21685604

www-01.ibm.com/support/docview.wss?uid=swg21685733

www-01.ibm.com/support/docview.wss?uid=swg21685749

www-01.ibm.com/support/docview.wss?uid=swg21685914

www-01.ibm.com/support/docview.wss?uid=swg21686084

www-01.ibm.com/support/docview.wss?uid=swg21686131

www-01.ibm.com/support/docview.wss?uid=swg21686246

www-01.ibm.com/support/docview.wss?uid=swg21686445

www-01.ibm.com/support/docview.wss?uid=swg21686447

www-01.ibm.com/support/docview.wss?uid=swg21686479

www-01.ibm.com/support/docview.wss?uid=swg21686494

www-01.ibm.com/support/docview.wss?uid=swg21687079

www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315

www.mandriva.com/security/advisories?name=MDVSA-2015:164

www.novell.com/support/kb/doc.php?id=7015721

www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html

www.qnap.com/i/en/support/con_show.php?cid=61

www.securityfocus.com/archive/1/533593/100/0/threaded

www.ubuntu.com/usn/USN-2364-1

www.vmware.com/security/advisories/VMSA-2014-0010.html

kb.bluecoat.com/index?page=content&id=SA82

kb.juniper.net/InfoCenter/index?page=content&id=JSA10648

kc.mcafee.com/corporate/index?page=content&id=SB10085

support.apple.com/HT205267

support.citrix.com/article/CTX200217

support.citrix.com/article/CTX200223

support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts

www.suse.com/support/shellshock/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.973

Percentile

99.9%

JSON

CVE-2014-7187

Affected configurations

References

Related