Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-6277

EPSS 86.75% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-6277

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU Bash 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNU Bash是美国软件开发者布莱恩-福克斯(Brian J. Fox)为GNU计划而编写的一个Shell(命令语言解释器),它运行于类Unix操作系统中(Linux系统的默认Shell),并能够从标准输入设备或文件中读取、执行命令,同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3 bash43-026及之前版本中存在安全漏洞,该漏洞源于程序没有正确解析环境变量中的函数定义。远程攻击者可通过特制的环境变量利用该漏洞执行任意代码或造成拒绝服务(未初始化的内存访问,不可信指针读取和写入操作
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-6277

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-6277

登录查看更多情报信息。

Same Patch Batch · n/a · 2014-09-27 · 17 CVEs total

CVE-2014-3062IBM Security QRadar SIEM 远程代码执行漏洞
CVE-2014-5459PHP Pear‘/tmp/’Directory 安全漏洞
CVE-2014-6734Android Wine Making应用程序加密问题漏洞
CVE-2014-6735Android imagine Next bmobile应用程序加密问题漏洞
CVE-2014-6736Android EPL Hat Trick应用程序加密问题漏洞
CVE-2014-6737Android Ultimate Target-Armored Sniper应用程序加密问题漏洞
CVE-2014-6738Android Maccabi Tel Aviv应用程序加密问题漏洞
CVE-2014-6739Android Well-Being Connect Mobile应用程序加密问题漏洞
CVE-2014-6740Android XD Forum应用程序加密问题漏洞
CVE-2014-6741Android John MacArthur应用程序加密问题漏洞
CVE-2014-6742Android All around Cyprus应用程序加密问题漏洞
CVE-2014-6743Android Hearsay: A Social Party Game应用程序加密问题漏洞
CVE-2014-6744Android Al-Ahsa News应用程序加密问题漏洞
CVE-2014-6745Android Family Location应用程序加密问题漏洞
CVE-2014-6746Android Infiniti Roadside Assistance应用程序加密问题漏洞
CVE-2014-6747Android SeeOn应用程序加密问题漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-6277

No comments yet

Leave a comment