Vulnerability Details CVE-2016-9401
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://rhn.redhat.com/errata/RHSA-2017-0725.html
- http://www.openwall.com/lists/oss-security/2016/11/17/5
- http://www.openwall.com/lists/oss-security/2016/11/17/9
- http://www.securityfocus.com/bid/94398
- https://access.redhat.com/errata/RHSA-2017:1931
- https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
- https://security.gentoo.org/glsa/201701-02
- http://rhn.redhat.com/errata/RHSA-2017-0725.html
- http://www.openwall.com/lists/oss-security/2016/11/17/5
- http://www.openwall.com/lists/oss-security/2016/11/17/9
- http://www.securityfocus.com/bid/94398
- https://access.redhat.com/errata/RHSA-2017:1931
- https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
- https://security.gentoo.org/glsa/201701-02
Products affected by CVE-2016-9401
-
cpe:2.3:a:gnu:bash:-
-
cpe:2.3:a:gnu:bash:1.14.0
-
cpe:2.3:a:gnu:bash:1.14.1
-
cpe:2.3:a:gnu:bash:1.14.2
-
cpe:2.3:a:gnu:bash:1.14.3
-
cpe:2.3:a:gnu:bash:1.14.4
-
cpe:2.3:a:gnu:bash:1.14.5
-
cpe:2.3:a:gnu:bash:1.14.6
-
cpe:2.3:a:gnu:bash:1.14.7
-
cpe:2.3:a:gnu:bash:2.0
-
cpe:2.3:a:gnu:bash:2.01
-
cpe:2.3:a:gnu:bash:2.01.1
-
cpe:2.3:a:gnu:bash:2.02
-
cpe:2.3:a:gnu:bash:2.02.1
-
cpe:2.3:a:gnu:bash:2.03
-
cpe:2.3:a:gnu:bash:2.04
-
cpe:2.3:a:gnu:bash:2.05
-
cpe:2.3:a:gnu:bash:3.0
-
cpe:2.3:a:gnu:bash:3.0.16
-
cpe:2.3:a:gnu:bash:3.1
-
cpe:2.3:a:gnu:bash:3.2
-
cpe:2.3:a:gnu:bash:3.2.48
-
cpe:2.3:a:gnu:bash:3.2.57
-
cpe:2.3:a:gnu:bash:4.0
-
cpe:2.3:a:gnu:bash:4.1
-
cpe:2.3:a:gnu:bash:4.2
-
cpe:2.3:a:gnu:bash:4.2.53
-
cpe:2.3:a:gnu:bash:4.3
-
cpe:2.3:a:gnu:bash:4.3.30
-
cpe:2.3:a:gnu:bash:4.4
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0