CVE - CVE-2014-7187

CVE-ID
CVE-2014-7187	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2015-01-27-4 URL:http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html APPLE:APPLE-SA-2015-09-30-3 URL:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BUGTRAQ:20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities URL:http://www.securityfocus.com/archive/1/533593/100/0/threaded CISCO:20140926 GNU Bash Environment Variable Command Injection Vulnerability URL:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash CONFIRM:http://support.apple.com/HT204244 CONFIRM:http://support.novell.com/security/cve/CVE-2014-7187.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21685604 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21685733 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21685749 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21685914 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21686084 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21686131 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21686246 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21686445 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21686447 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21686479 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21686494 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21687079 CONFIRM:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315 CONFIRM:http://www.novell.com/support/kb/doc.php?id=7015721 CONFIRM:http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html CONFIRM:http://www.qnap.com/i/en/support/con_show.php?cid=61 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0010.html CONFIRM:https://kb.bluecoat.com/index?page=content&id=SA82 CONFIRM:https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648 CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10085 CONFIRM:https://support.apple.com/HT205267 CONFIRM:https://support.citrix.com/article/CTX200217 CONFIRM:https://support.citrix.com/article/CTX200223 CONFIRM:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075 CONFIRM:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183 CONFIRM:https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts CONFIRM:https://www.suse.com/support/shellshock/ FULLDISC:20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Oct/0 HP:HPSBGN03138 URL:http://marc.info/?l=bugtraq&m=141330468527613&w=2 HP:HPSBGN03141 URL:http://marc.info/?l=bugtraq&m=141383304022067&w=2 HP:HPSBGN03142 URL:http://marc.info/?l=bugtraq&m=141383244821813&w=2 HP:HPSBGN03233 URL:http://marc.info/?l=bugtraq&m=142118135300698&w=2 HP:HPSBHF03125 URL:http://marc.info/?l=bugtraq&m=141345648114150&w=2 HP:HPSBMU03143 URL:http://marc.info/?l=bugtraq&m=141383026420882&w=2 HP:HPSBMU03144 URL:http://marc.info/?l=bugtraq&m=141383081521087&w=2 HP:HPSBMU03165 URL:http://marc.info/?l=bugtraq&m=141577137423233&w=2 HP:HPSBMU03182 URL:http://marc.info/?l=bugtraq&m=141585637922673&w=2 HP:HPSBMU03217 URL:http://marc.info/?l=bugtraq&m=141879528318582&w=2 HP:HPSBMU03220 URL:http://marc.info/?l=bugtraq&m=142721162228379&w=2 HP:HPSBMU03236 URL:http://marc.info/?l=bugtraq&m=142289270617409&w=2 HP:HPSBMU03245 URL:http://marc.info/?l=bugtraq&m=142358026505815&w=2 HP:HPSBMU03246 URL:http://marc.info/?l=bugtraq&m=142358078406056&w=2 HP:HPSBST03129 URL:http://marc.info/?l=bugtraq&m=141383196021590&w=2 HP:HPSBST03131 URL:http://marc.info/?l=bugtraq&m=141383138121313&w=2 HP:HPSBST03148 URL:http://marc.info/?l=bugtraq&m=141694386919794&w=2 HP:HPSBST03154 URL:http://marc.info/?l=bugtraq&m=141577297623641&w=2 HP:HPSBST03155 URL:http://marc.info/?l=bugtraq&m=141576728022234&w=2 HP:HPSBST03157 URL:http://marc.info/?l=bugtraq&m=141450491804793&w=2 HP:HPSBST03181 URL:http://marc.info/?l=bugtraq&m=141577241923505&w=2 HP:SSRT101739 URL:http://marc.info/?l=bugtraq&m=142118135300698&w=2 HP:SSRT101742 URL:http://marc.info/?l=bugtraq&m=142358026505815&w=2 HP:SSRT101819 URL:http://marc.info/?l=bugtraq&m=142721162228379&w=2 HP:SSRT101827 URL:http://marc.info/?l=bugtraq&m=141879528318582&w=2 HP:SSRT101830 URL:http://marc.info/?l=bugtraq&m=142289270617409&w=2 HP:SSRT101868 URL:http://marc.info/?l=bugtraq&m=142118135300698&w=2 JVN:JVN#55667175 URL:http://jvn.jp/en/jp/JVN55667175/index.html JVNDB:JVNDB-2014-000126 URL:http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126 MANDRIVA:MDVSA-2015:164 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:164~~ (Obsolete source) MISC:http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html MISC:http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html MLIST:[oss-security] 20140925 Fwd: Non-upstream patches for bash URL:http://openwall.com/lists/oss-security/2014/09/25/32 MLIST:[oss-security] 20140926 Re: Fwd: Non-upstream patches for bash URL:http://openwall.com/lists/oss-security/2014/09/26/2 MLIST:[oss-security] 20140928 Re: CVE-2014-6271: remote code execution through bash URL:http://openwall.com/lists/oss-security/2014/09/28/10 REDHAT:RHSA-2014:1311 URL:http://rhn.redhat.com/errata/RHSA-2014-1311.html REDHAT:RHSA-2014:1312 URL:http://rhn.redhat.com/errata/RHSA-2014-1312.html REDHAT:RHSA-2014:1354 URL:http://rhn.redhat.com/errata/RHSA-2014-1354.html SECUNIA:58200 URL:http://secunia.com/advisories/58200 SECUNIA:59907 URL:http://secunia.com/advisories/59907 SECUNIA:60024 URL:http://secunia.com/advisories/60024 SECUNIA:60034 URL:http://secunia.com/advisories/60034 SECUNIA:60044 URL:http://secunia.com/advisories/60044 SECUNIA:60055 URL:http://secunia.com/advisories/60055 SECUNIA:60063 URL:http://secunia.com/advisories/60063 SECUNIA:60193 URL:http://secunia.com/advisories/60193 SECUNIA:60433 URL:http://secunia.com/advisories/60433 SECUNIA:61065 URL:http://secunia.com/advisories/61065 SECUNIA:61128 URL:http://secunia.com/advisories/61128 SECUNIA:61129 URL:http://secunia.com/advisories/61129 SECUNIA:61188 URL:http://secunia.com/advisories/61188 SECUNIA:61283 URL:http://secunia.com/advisories/61283 SECUNIA:61287 URL:http://secunia.com/advisories/61287 SECUNIA:61291 URL:http://secunia.com/advisories/61291 SECUNIA:61312 URL:http://secunia.com/advisories/61312 SECUNIA:61313 URL:http://secunia.com/advisories/61313 SECUNIA:61328 URL:http://secunia.com/advisories/61328 SECUNIA:61442 URL:http://secunia.com/advisories/61442 SECUNIA:61479 URL:http://secunia.com/advisories/61479 SECUNIA:61485 URL:http://secunia.com/advisories/61485 SECUNIA:61503 URL:http://secunia.com/advisories/61503 SECUNIA:61550 URL:http://secunia.com/advisories/61550 SECUNIA:61552 URL:http://secunia.com/advisories/61552 SECUNIA:61565 URL:http://secunia.com/advisories/61565 SECUNIA:61603 URL:http://secunia.com/advisories/61603 SECUNIA:61618 URL:http://secunia.com/advisories/61618 SECUNIA:61622 URL:http://secunia.com/advisories/61622 SECUNIA:61633 URL:http://secunia.com/advisories/61633 SECUNIA:61636 URL:http://secunia.com/advisories/61636 SECUNIA:61641 URL:http://secunia.com/advisories/61641 SECUNIA:61643 URL:http://secunia.com/advisories/61643 SECUNIA:61654 URL:http://secunia.com/advisories/61654 SECUNIA:61703 URL:http://secunia.com/advisories/61703 SECUNIA:61816 URL:http://secunia.com/advisories/61816 SECUNIA:61855 URL:http://secunia.com/advisories/61855 SECUNIA:61857 URL:http://secunia.com/advisories/61857 SECUNIA:61873 URL:http://secunia.com/advisories/61873 SECUNIA:62312 URL:http://secunia.com/advisories/62312 SECUNIA:62343 URL:http://secunia.com/advisories/62343 SUSE:SUSE-SU-2014:1247 URL:http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html SUSE:SUSE-SU-2014:1259 URL:http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html SUSE:openSUSE-SU-2014:1229 URL:http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html SUSE:openSUSE-SU-2014:1242 URL:http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html SUSE:openSUSE-SU-2014:1254 URL:http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html SUSE:openSUSE-SU-2014:1308 URL:http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html SUSE:openSUSE-SU-2014:1310 URL:http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html UBUNTU:USN-2364-1 URL:http://www.ubuntu.com/usn/USN-2364-1
Assigning CNA
MITRE Corporation
Date Record Created
20140925	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140925)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)