CVE-2012-6711

Priority
Description
A heap-based buffer overflow exists in GNU Bash before 4.3 when wide
characters, not supported by the current locale set in the LC_CTYPE
environment variable, are printed through the echo built-in function. A
local attacker, who can provide data to print through the "echo -e"
built-in function, may use this flaw to crash a script or execute code with
the privileges of the bash process. This occurs because ansicstr() in
lib/sh/strtrans.c mishandles u32cconv().
Notes
Package
Source: bash (LP Ubuntu Debian)
Upstream: released (4.3-1)
Ubuntu 12.04 ESM (Precise Pangolin): released (4.2-2ubuntu2.9)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (4.3.7ubuntu1.8)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (4.3-14ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (4.4.18-2ubuntu1.1)
Ubuntu 19.04 (Disco Dingo): not-affected
Ubuntu 19.10 (Eoan Ermine): not-affected
Ubuntu 20.04 (Focal Fossa): not-affected
Patches:
Upstream: http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5
More Information

Updated: 2019-12-05 21:02:00 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)