Heap-based Buffer Overflow in GNU Bash Affects Local Users
CVE-2012-6711
7HIGH
What is CVE-2012-6711?
A heap-based buffer overflow vulnerability is present in GNU Bash versions prior to 4.3, which occurs when wide characters that are unsupported by the current locale set in the LC_CTYPE environment variable are printed using the echo built-in function. A local attacker can exploit this flaw by supplying crafted input to the 'echo -e' function, potentially leading to script crashes or execution of arbitrary code with the privileges of the bash process. This vulnerability arises from improper handling of conversions in the ansicstr() function while processing character encodings.