CVE-2014-7186

Description

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

References

• http://jvn.jp/en/jp/JVN55667175/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
• http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
• http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
• http://marc.info/?l=bugtraq&m=141330468527613&w=2
• http://marc.info/?l=bugtraq&m=141345648114150&w=2
• http://marc.info/?l=bugtraq&m=141383026420882&w=2
• http://marc.info/?l=bugtraq&m=141383081521087&w=2
• http://marc.info/?l=bugtraq&m=141383138121313&w=2
• http://marc.info/?l=bugtraq&m=141383196021590&w=2
• http://marc.info/?l=bugtraq&m=141383244821813&w=2
• http://marc.info/?l=bugtraq&m=141383304022067&w=2
• http://marc.info/?l=bugtraq&m=141450491804793&w=2
• http://marc.info/?l=bugtraq&m=141576728022234&w=2
• http://marc.info/?l=bugtraq&m=141577137423233&w=2
• http://marc.info/?l=bugtraq&m=141577241923505&w=2
• http://marc.info/?l=bugtraq&m=141577297623641&w=2
• http://marc.info/?l=bugtraq&m=141585637922673&w=2
• http://marc.info/?l=bugtraq&m=141694386919794&w=2
• http://marc.info/?l=bugtraq&m=141879528318582&w=2

CWEs

CWE-119