CVE-2014-7169 — GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
2022-01-28 • CISA Known Exploited Vulnerability
[event] GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | GNU |
| Product | Bourne-Again Shell (Bash) |
| CWE | CWE-78 |
| CVE ID | CVE-2014-7169 |
| Date Added | 2022-01-28 |
| Due Date | 2022-07-28 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-07-28