FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bash -- out-of-bounds memory access in parser

Affected packages
bash < 4.3.27_1
bash-static < 4.3.27_1

Details

VuXML ID 4a4e9f88-491c-11e4-ae2c-c80aa9043978
Discovery 2014-09-25
Entry 2014-10-01

RedHat security team reports:

It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash.

References

CVE Name CVE-2014-7186
CVE Name CVE-2014-7187
URL https://access.redhat.com/security/cve/CVE-2014-7186