CVE-2014-7186

Exp

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

公開: 2014-09-28 最終更新: 2026-05-06 Assigner: [email protected] ソース: [email protected]
NVD ステータス:ModifiedCVE の状態: published
参照: NVD, CVE.org, EUVD, JVN

CVE-2014-7186 は悪用リスクが高い(89/100)。CVSS 深刻度は重大。悪用される可能性が高い(EPSS 89.35%、100 パーセンタイル) 公開エクスプロイトが 3 件参照されています(Exploit-DB)。 公開エクスプロイトが確認されています。影響範囲の確認、緩和策の適用、パッチ適用を優先してください。

リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。

CVE-2014-7186 に関する公開 exploit 参照(Exploit-DB)

EDB-ID ソース 種別 公開 リンク
34860 exploit_db edb 2014-10-02 Exploit-DB ↗
36933 exploit_db edb 2014-09-29 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

CVE-2014-7186 の EPSS(Exploit Prediction Scoring System)スコア

EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。

# 日付 旧 EPSS スコア 新 EPSS スコア Δ(新 − 旧)
1 2026-06-03 90.15% 89.35% -0.80%
2 2026-05-22 89.35% 90.15% +0.80%
3 2026-04-15 89.35%

EPSS の全履歴 (全 43 件)

CVE-2014-7186 の CVSS(Common Vulnerability Scoring System)指標

この CVE の CVSS 指標。

ベーススコア バージョン 深刻度 ベクトル 悪用しやすさ 影響 スコアの出典
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C クリックして展開
アクセス経路 (AV:N)
ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:L)
手順が短く、再現性が高い。
認証 (AU:N)
認証を経ずに攻撃を完結できる。
機密性への影響 (C:C)
機密性は全面的に損なわれる。
完全性への影響 (I:C)
完全性は全面的に損なわれる。
可用性への影響 (A:C)
可用性は全面的に損なわれる。
 10.0 10.0 [email protected]

CVE-2014-7186 の弱点分類(列挙)

CVE-2014-7186 の OS トラッカー

vendor priority summary link
debian not yet assigned CVE-2014-7186 not yet assigned priority: Debian including 1 source packages (bash), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2014-7186
gentoo high CVE-2014-7186: 1 GLSA(s) (201410-01), 1 atom(s) (app-shells/bash); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2014-7186
redhat medium https://access.redhat.com/security/cve/CVE-2014-7186
suse medium CVE-2014-7186 severity moderate: SUSE including 122 source package names (bash, bash-3.2-147.14.22.1, …), 470 product×package rows across 88 product lines (HPE Helion OpenStack 8, SLES-LTSS-TERADATA 15 SP2, … (88 product lines)): Known Not Affected 276, Fixed 194. https://www.suse.com/security/cve/CVE-2014-7186/
ubuntu medium CVE-2014-7186 medium priority: Ubuntu including 1 source packages (bash), 4 status rows across 4 suites (lucid, precise, trusty, upstream): released 3, needs-triage 1. https://ubuntu.com/security/CVE-2014-7186

CVE-2014-7186 の影響を受けるソフトウェア/構成

ベンダー 製品 バージョン 生の CPE
gnu bash 1.14.0 cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
gnu bash 1.14.1 cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*
gnu bash 1.14.2 cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*
gnu bash 1.14.3 cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*
gnu bash 1.14.4 cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*
gnu bash 1.14.5 cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*
gnu bash 1.14.6 cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*
gnu bash 1.14.7 cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*
gnu bash 2.0 cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*
gnu bash 2.01 cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*
gnu bash 2.01.1 cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*
gnu bash 2.02 cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*
gnu bash 2.02.1 cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*
gnu bash 2.03 cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*
gnu bash 2.04 cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*
gnu bash 2.05 cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*
gnu bash 2.05 cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*
gnu bash 2.05 cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*
gnu bash 3.0 cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*
gnu bash 3.0.16 cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*
gnu bash 3.1 cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*
gnu bash 3.2 cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*
gnu bash 3.2.48 cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*
gnu bash 4.0 cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*
gnu bash 4.0 cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*
gnu bash 4.1 cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*
gnu bash 4.2 cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*
gnu bash 4.3 cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*

CVE-2014-7186 の参考情報

URL タグ
http://jvn.jp/en/jp/JVN55667175/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00048.html
http://marc.info/?l=bugtraq&m=141330468527613&w=2
http://marc.info/?l=bugtraq&m=141345648114150&w=2
http://marc.info/?l=bugtraq&m=141383026420882&w=2
http://marc.info/?l=bugtraq&m=141383081521087&w=2
http://marc.info/?l=bugtraq&m=141383138121313&w=2
http://marc.info/?l=bugtraq&m=141383196021590&w=2
http://marc.info/?l=bugtraq&m=141383244821813&w=2
http://marc.info/?l=bugtraq&m=141383304022067&w=2
http://marc.info/?l=bugtraq&m=141450491804793&w=2
http://marc.info/?l=bugtraq&m=141576728022234&w=2
http://marc.info/?l=bugtraq&m=141577137423233&w=2
http://marc.info/?l=bugtraq&m=141577241923505&w=2
http://marc.info/?l=bugtraq&m=141577297623641&w=2
http://marc.info/?l=bugtraq&m=141585637922673&w=2
http://marc.info/?l=bugtraq&m=141694386919794&w=2
http://marc.info/?l=bugtraq&m=141879528318582&w=2
http://marc.info/?l=bugtraq&m=142113462216480&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142289270617409&w=2
http://marc.info/?l=bugtraq&m=142358026505815&w=2
http://marc.info/?l=bugtraq&m=142358078406056&w=2
http://marc.info/?l=bugtraq&m=142721162228379&w=2
http://openwall.com/lists/oss-security/2014/09/25/32 Exploit
http://openwall.com/lists/oss-security/2014/09/26/2
http://openwall.com/lists/oss-security/2014/09/28/10
http://packetstormsecurity.com/files/128517/VMware-Security-Advisory-2014-0010.html
http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html
http://rhn.redhat.com/errata/RHSA-2014-1311.html
http://rhn.redhat.com/errata/RHSA-2014-1312.html
http://rhn.redhat.com/errata/RHSA-2014-1354.html
http://seclists.org/fulldisclosure/2014/Oct/0
http://secunia.com/advisories/58200
http://secunia.com/advisories/59907
http://secunia.com/advisories/60024
http://secunia.com/advisories/60034
http://secunia.com/advisories/60044
http://secunia.com/advisories/60055
http://secunia.com/advisories/60063
http://secunia.com/advisories/60193
http://secunia.com/advisories/60433
http://secunia.com/advisories/61065
http://secunia.com/advisories/61128
http://secunia.com/advisories/61129
http://secunia.com/advisories/61188
http://secunia.com/advisories/61283
http://secunia.com/advisories/61287
http://secunia.com/advisories/61291
http://secunia.com/advisories/61312
http://secunia.com/advisories/61313
http://secunia.com/advisories/61328
http://secunia.com/advisories/61442
http://secunia.com/advisories/61471
http://secunia.com/advisories/61479
http://secunia.com/advisories/61485
http://secunia.com/advisories/61503
http://secunia.com/advisories/61550
http://secunia.com/advisories/61552
http://secunia.com/advisories/61565
http://secunia.com/advisories/61603
http://secunia.com/advisories/61618
http://secunia.com/advisories/61622
http://secunia.com/advisories/61633
http://secunia.com/advisories/61636
http://secunia.com/advisories/61641
http://secunia.com/advisories/61643
http://secunia.com/advisories/61654
http://secunia.com/advisories/61703
http://secunia.com/advisories/61711
http://secunia.com/advisories/61780
http://secunia.com/advisories/61816
http://secunia.com/advisories/61873
http://secunia.com/advisories/62228
http://secunia.com/advisories/62312
http://secunia.com/advisories/62343
http://support.apple.com/HT204244
http://support.novell.com/security/cve/CVE-2014-7186.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915
http://www-01.ibm.com/support/docview.wss?uid=swg21685541
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www-01.ibm.com/support/docview.wss?uid=swg21685733
http://www-01.ibm.com/support/docview.wss?uid=swg21685749
http://www-01.ibm.com/support/docview.wss?uid=swg21685914
http://www-01.ibm.com/support/docview.wss?uid=swg21686084
http://www-01.ibm.com/support/docview.wss?uid=swg21686131
http://www-01.ibm.com/support/docview.wss?uid=swg21686246
http://www-01.ibm.com/support/docview.wss?uid=swg21686445
http://www-01.ibm.com/support/docview.wss?uid=swg21686447
http://www-01.ibm.com/support/docview.wss?uid=swg21686479
http://www-01.ibm.com/support/docview.wss?uid=swg21686494
http://www-01.ibm.com/support/docview.wss?uid=swg21687079
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315
http://www.mandriva.com/security/advisories?name=MDVSA-2015:164
http://www.novell.com/support/kb/doc.php?id=7015721
http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html
http://www.qnap.com/i/en/support/con_show.php?cid=61
http://www.securityfocus.com/archive/1/533593/100/0/threaded
http://www.ubuntu.com/usn/USN-2364-1
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
https://kb.bluecoat.com/index?page=content&id=SA82
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648
https://kc.mcafee.com/corporate/index?page=content&id=SB10085
https://support.apple.com/HT205267
https://support.citrix.com/article/CTX200217
https://support.citrix.com/article/CTX200223
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts
https://www.suse.com/support/shellshock/
cvelogic Threat Intelligence