CVE-2014-7187

Priority
Medium
Description
Off-by-one error in the read_token_word function in parse.y in GNU Bash
through 4.3 bash43-026 allows remote attackers to cause a denial of service
(out-of-bounds array access and application crash) or possibly have
unspecified other impact via deeply nested for loops, aka the "word_lineno"
issue.
References
Bugs
Package
Source: bash (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (4.3-7ubuntu1.4)
More Information

Updated: 2017-12-15 20:33:48 UTC (commit 13913)