Unrated severityNVD Advisory· Published Sep 5, 1998· Updated Apr 16, 2026

CVE-1999-1048

Description

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

Affected products

Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:1.3.1:*:*:*:*:*:*:*
Red Hat/Linux
cpe:2.3:o:redhat:linux:4.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/1998/19980909nvdPatchVendor Advisory
www.securityfocus.com/archive/1/10542nvdExploitVendor Advisory
marc.infonvd
www.osvdb.org/8345nvd
exchange.xforce.ibmcloud.com/vulnerabilities/3414nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000