CVE-2014-7169

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 25, 2014
Updated: Jan 6, 2025
CWE ID 78

Summary

CVE-2014-7169 is a vulnerability affecting GNU Bash up to version 4.3. Bash processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers who can supply a crafted environment to write to files or possibly have unknown other impacts. The vulnerability exists because the fix for CVE-2014-6271 was incomplete. It has been demonstrated to affect OpenSSH's ForceCommand feature, as well as the Apache HTTP Server's mod_cgi and mod_cgid modules. DHCP clients and other contexts where the environment is set across a privilege boundary from Bash execution are potentially susceptible as well.

Affected Products

  • GNU Bash

Affected Vendors

  • Free Software Foundation, Inc.