CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-5932

The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.1%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 4.6

References

http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
http://www.openwall.com/lists/oss-security/2017/02/08/3
http://www.securityfocus.com/bid/96136
https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html
http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
http://www.openwall.com/lists/oss-security/2017/02/08/3
http://www.securityfocus.com/bid/96136
https://lists.gnu.org/archive/html/bug-bash/2017-01/msg00034.html

Products affected by CVE-2017-5932

Gnu » Bash » Version: 4.4

cpe:2.3:a:gnu:bash:4.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5932

Products

Pricing

Contact Us