rpm package
opensuse/bash&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/bash&distro=openSUSE%20Tumbleweed
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-9401 | Med | 5.5 | | < 7.0-92.1 | 7.0-92.1 | Jan 23, 2017 | popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. |
| CVE-2014-6278 | Hig | 8.8 | KEV | < 7.0-92.1 | 7.0-92.1 | Sep 30, 2014 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH ssh |
| CVE-2014-7187 | — | | | < 7.0-92.1 | 7.0-92.1 | Sep 28, 2014 | Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "w |
| CVE-2014-7186 | — | | | < 7.0-92.1 | 7.0-92.1 | Sep 28, 2014 | The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" |
| CVE-2014-6277 | — | | | < 7.0-92.1 | 7.0-92.1 | Sep 27, 2014 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) |
| CVE-2014-7169 | Cri | 9.8 | KEV | < 7.0-92.1 | 7.0-92.1 | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vect |
| CVE-2014-6271 | Cri | 9.8 | KEV | < 7.0-92.1 | 7.0-92.1 | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the |
| CVE-2014-2524 | — | | | < 7.0-92.1 | 7.0-92.1 | Aug 20, 2014 | The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. |