Off-by-one Error in GNU Bash Leading to Denial of Service
CVE-2014-7187
Summary
A vulnerability exists in GNU Bash due to an off-by-one error in the read_token_word function in parse.y. The flaw allows an attacker to cause a denial of service via deeply nested for loops, which trigger an out-of-bounds array access and crash the application. The vulnerability illustrates the security risk of inadequate input validation in a parser.
EPSS Score
90% chance of being exploited in the next 30 days.