CVE-2014-7169 — GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vect

01What is this vulnerability?

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server…

02Affected products

Vendor	Product	Versions
n	a / n/a	n/a

03Active exploitation status

Yes — actively exploited. Added to the CISA KEV catalog on 2022-01-28. Ransomware use: Unknown.

04Recommended remediation

• Patch to a fixed version listed in the vendor advisory (see references below).
• Mitigate with WAF rules, network egress filters, or feature flags where the patch is not yet available.
• Hunt historical logs for exploitation indicators — see Detection signatures below.

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

• Published: 2014-09-25T01:00:00.000Z
• Last modified: 2025-10-22T00:05:36.027Z
• Added to CISA KEV: 2022-01-28
• BOD 22-01 due: 2022-07-28

09References

• packetstormsecurity.com — http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.h…
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21685749
• www.openwall.com — http://www.openwall.com/lists/oss-security/2014/09/24/32
• marc.info — http://marc.info/?l=bugtraq&m=141577137423233&w=2
• marc.info — http://marc.info/?l=bugtraq&m=141216668515282&w=2
• supportcenter.checkpoint.com — https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewso…
• marc.info — http://marc.info/?l=bugtraq&m=141383138121313&w=2
• marc.info — http://marc.info/?l=bugtraq&m=142721162228379&w=2
• www.securityfocus.com — http://www.securityfocus.com/archive/1/533593/100/0/threaded
• marc.info — http://marc.info/?l=bugtraq&m=142358026505815&w=2
• lists.opensuse.org — http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21686084
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21686479
• secunia.com — http://secunia.com/advisories/61188
• jvn.jp — http://jvn.jp/en/jp/JVN55667175/index.html
• secunia.com — http://secunia.com/advisories/61676
• lists.opensuse.org — http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
• secunia.com — http://secunia.com/advisories/60433
• marc.info — http://marc.info/?l=bugtraq&m=141383026420882&w=2
• marc.info — http://marc.info/?l=bugtraq&m=141585637922673&w=2
• rhn.redhat.com — http://rhn.redhat.com/errata/RHSA-2014-1306.html
• marc.info — http://marc.info/?l=bugtraq&m=141576728022234&w=2
• www-01.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21685541
• secunia.com — http://secunia.com/advisories/61715
• www.ubuntu.com — http://www.ubuntu.com/usn/USN-2363-2
• www.oracle.com — http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
• secunia.com — http://secunia.com/advisories/61816
• lists.opensuse.org — http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html
• secunia.com — http://secunia.com/advisories/61442