CVE-2014-7817 (retired)

Priority
Description
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the
WRDE_NOCMD flag, which allows context-dependent attackers to execute
arbitrary commands, as demonstrated by input containing "$((`...`))".
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (2.19-0ubuntu6.4)
More Information

Updated: 2019-03-26 12:13:33 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)