Total vulnerabilities in the database
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
| Software | From | Fixed in |
|---|---|---|
| gnu / bash | 4.0-rc1 | 4.0-rc1.x |
| gnu / bash | 4.3 | 4.3.x |
| gnu / bash | 3.2.48 | 3.2.48.x |
| gnu / bash | 1.14.3 | 1.14.3.x |
| gnu / bash | 4.1 | 4.1.x |
| gnu / bash | 2.05-a | 2.05-a.x |
| gnu / bash | 2.05-b | 2.05-b.x |
| gnu / bash | 2.05 | 2.05.x |
| gnu / bash | 1.14.1 | 1.14.1.x |
| gnu / bash | 3.0 | 3.0.x |
| gnu / bash | 2.01 | 2.01.x |
| gnu / bash | 2.04 | 2.04.x |
| gnu / bash | 2.0 | 2.0.x |
| gnu / bash | 2.01.1 | 2.01.1.x |
| gnu / bash | 1.14.7 | 1.14.7.x |
| gnu / bash | 3.1 | 3.1.x |
| gnu / bash | 1.14.6 | 1.14.6.x |
| gnu / bash | 1.14.2 | 1.14.2.x |
| gnu / bash | 4.0 | 4.0.x |
| gnu / bash | 1.14.4 | 1.14.4.x |
| gnu / bash | 4.2 | 4.2.x |
| gnu / bash | 2.02.1 | 2.02.1.x |
| gnu / bash | 3.0.16 | 3.0.16.x |
| gnu / bash | 1.14.5 | 1.14.5.x |
| gnu / bash | 1.14.0 | 1.14.0.x |
| gnu / bash | 2.02 | 2.02.x |
| gnu / bash | 3.2 | 3.2.x |
| gnu / bash | 2.03 | 2.03.x |