It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | bash | 2014-09-24 22:26 | ALAS-2014-419 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.6 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
NVD | CVSSv2 | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |