Fluid Attacks Database

Description

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.9	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1
debian 12	bash	>=0 <4.4-1	4.4-1
alpine v3.11	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1
alpine v3.12	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1
alpine v3.15	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1
alpine v3.21	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1
alpine v3.10	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1
alpine v3.14	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1
alpine v3.18	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1
alpine v3.19	bash	=4.0.035-r0 \|\| =4.1.002-r0 \|\| =4.1.005-r0 \|\| =4.1.005-r1 \|\| =4.1.007-r0 \|\| =4.1.009-r0 \|\| =4.1.009-r1 \|\| =4.2.008-r0 \|\| =4.2.010-r0 \|\| =4.2.020-r0 \|\| =4.2.024-r0 \|\| =4.2.028-r0 \|\| =4.2.029-r0 \|\| =4.2.036-r0 \|\| =4.2.037-r0 \|\| =4.2.039-r0 \|\| =4.2.042-r0 \|\| =4.2.045-r0 \|\| =4.2.045-r1 \|\| =4.3-r1 \|\| =4.3.011-r1 \|\| =4.3.011-r2 \|\| =4.3.018-r2 \|\| =4.3.025-r0 \|\| =4.3.025-r1 \|\| =4.3.026-r1 \|\| =4.3.27-r0 \|\| =4.3.28-r0 \|\| =4.3.29-r0 \|\| =4.3.30-r0 \|\| =4.3.33-r0 \|\| =4.3.33-r1 \|\| =4.3.42-r0 \|\| =4.3.42-r1 \|\| =4.3.42-r2 \|\| =4.3.42-r3 \|\| =4.3.46-r3 \|\| =4.3.46-r4 \|\| =4.3.48-r0 \|\| =4.3.48-r1 \|\| =4.3.48-r2 \|\| =4.4.12-r0 \|\| >=0 <4.4.12-r1	4.4.12-r1

1-10 of 24

Aliases

1. CVE-2016-06342. NVD-2016-06343. OSV-ALPINE-2016-06344. OSV-2016-06345. OSV-DEBIAN-2016-06346. SECURITY-CVE-2016-06347. SECURITY-TRACKER-CVE-2016-0634

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.