CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-7817

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.3%

CVSS Severity

CVSS v2 Score 4.6

References

Products affected by CVE-2014-7817

Gnu » Glibc » Version: 2.21

cpe:2.3:a:gnu:glibc:2.21
Canonical » Ubuntu Linux » Version: 10.04

cpe:2.3:o:canonical:ubuntu_linux:10.04
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 14.10

cpe:2.3:o:canonical:ubuntu_linux:14.10
Debian » Debian Linux » Version: 7.0

cpe:2.3:o:debian:debian_linux:7.0
Opensuse » Opensuse » Version: 13.1

cpe:2.3:o:opensuse:opensuse:13.1
Opensuse » Opensuse » Version: 13.2

cpe:2.3:o:opensuse:opensuse:13.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-7817

Products

Pricing

Contact Us