Vulnerability CVE-2014-7187: Information

Description

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

Severity: CRITICAL (10.0)

Published: Sept. 28, 2014
Modified: Oct. 9, 2018
Error type identifier: CWE-119

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| bash | c7 | 3.2.54-alt0.M70P.1 | 3.2.54-alt0.M70P.1.M70C.1 | ALT-PU-2014-2216-1 | 131197 | Fixed |
| bash4 | sisyphus | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |
| bash4 | p10 | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |
| bash4 | p9 | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |
| bash4 | c10f1 | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |
| bash4 | c9f2 | 4.2.49-alt1 | 4.4.23-alt1 | ALT-PU-2014-2201-1 | 131126 | Fixed |

References to Advisories, Solutions, and Tools

• [oss-security] 20140928 Re: CVE-2014-6271: remote code execution through bash
• [oss-security] 20140925 Fwd: Non-upstream patches for bash (resource: Exploit)
• [oss-security] 20140926 Re: Fwd: Non-upstream patches for bash
• https://www.suse.com/support/shellshock/
• http://support.novell.com/security/cve/CVE-2014-7187.html
• 61479
• 61641
• 61618
• 61622
• https://kb.bluecoat.com/index?page=content&id=SA82
• 61636
• openSUSE-SU-2014:1242
• openSUSE-SU-2014:1229
• SUSE-SU-2014:1247
• openSUSE-SU-2014:1254
• RHSA-2014:1311
• 20140926 GNU Bash Environment Variable Command Injection Vulnerability
• USN-2364-1
• SUSE-SU-2014:1259
• RHSA-2014:1312
• 61485
• 59907
• 61654
• http://www-01.ibm.com/support/docview.wss?uid=swg21685749
• http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
• http://www.novell.com/support/kb/doc.php?id=7015721
• 61565
• 61643
• 61503
• https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
• 61633
• 61552
• http://www-01.ibm.com/support/docview.wss?uid=swg21685914
• 61703
• 20141001 FW: NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities
• 61283
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
• 61603
• http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
• http://www.vmware.com/security/advisories/VMSA-2014-0010.html
• http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
• http://www-01.ibm.com/support/docview.wss?uid=swg21686084
• HPSBGN03138
• 61188
• HPSBHF03125
• https://support.citrix.com/article/CTX200217
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
• 60034
• 61816
• 61128
• 61313
• http://www-01.ibm.com/support/docview.wss?uid=swg21685733
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
• 61442
• 61287
• https://support.citrix.com/article/CTX200223
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
• 60055
• 61129
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
• http://www-01.ibm.com/support/docview.wss?uid=swg21686479
• http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
• https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
• 58200
• 61328
• 61857
• 60193
• http://www-01.ibm.com/support/docview.wss?uid=swg21685604
• 61065
• 61550
• 61855
• http://www-01.ibm.com/support/docview.wss?uid=swg21686131
• 61312
• http://www-01.ibm.com/support/docview.wss?uid=swg21686494
• 60063
• 61291
• 60044
• http://www-01.ibm.com/support/docview.wss?uid=swg21686246
• http://www-01.ibm.com/support/docview.wss?uid=swg21686445
• https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
• http://www-01.ibm.com/support/docview.wss?uid=swg21687079
• http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
• 60433
• 60024
• HPSBGN03141
• HPSBGN03142
• openSUSE-SU-2014:1310
• HPSBST03157
• JVN#55667175
• HPSBMU03144
• HPSBST03131
• http://www.qnap.com/i/en/support/con_show.php?cid=61
• HPSBMU03143
• openSUSE-SU-2014:1308
• JVNDB-2014-000126
• HPSBST03129
• http://www-01.ibm.com/support/docview.wss?uid=swg21686447
• RHSA-2014:1354
• 61873
• HPSBST03181
• HPSBST03155
• HPSBST03154
• HPSBMU03165
• HPSBMU03182
• HPSBST03148
• 62343
• 62312
• APPLE-SA-2015-01-27-4
• http://support.apple.com/HT204244
• HPSBMU03245
• HPSBMU03246
• SSRT101830
• HPSBMU03217
• SSRT101868
• SSRT101819
• MDVSA-2015:164
• APPLE-SA-2015-09-30-3
• https://support.apple.com/HT205267
• https://kc.mcafee.com/corporate/index?page=content&id=SB10085
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
• 20141001 NEW VMSA-2014-0010 - VMware product updates address critical Bash security vulnerabilities

1. Configuration 1

• cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*
• cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*