Code Execution Vulnerability in GNU Bash by GNU
CVE-2014-6277
Currently unrated
What is CVE-2014-6277?
GNU Bash, through version 4.3, improperly parses function definitions in environment variables, enabling remote attackers to execute arbitrary code or induce a denial of service. This vulnerability arises from crafted environments that exploit command execution contexts across privilege boundaries, affecting various services such as OpenSSH's ForceCommand feature, Apache's mod_cgi and mod_cgid modules, and potentially untrusted scripts executed by DHCP clients. The issue stems from an incomplete fix related to previous vulnerabilities.