CVE-2014-7187

Currently unrated

Key Information:

Vendor: Gnu
Status: Bash
Vendor: CVE Published:; 28 September 2014

Summary

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

References

http://packetstormsecurity.com/files/128517/VMware-Securi...

x_refsource_MISC

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg21685749

x_refsource_CONFIRM

EPSS Score

97% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 28, 2014
Vulnerability Reserved
Sep 25, 2014