Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

heap overflow CVE-2022-3715

Related Vulnerabilities: CVE-2022-3715  

Source

Debian Bug report logs - #1030355
heap overflow CVE-2022-3715

version graph

Package: bash; Maintainer for bash is Matthias Klose <doko@debian.org>; Source for bash is src:bash (PTS, buildd, popcon).

Reported by: Toni Mueller <toni@debian.org>

Date: Fri, 3 Feb 2023 12:33:02 UTC

Severity: grave

Tags: security, upstream

Found in versions bash/5.1-2, bash/5.1-2+deb11u1

Fixed in version bash/5.2-1

Done: Salvatore Bonaccorso <carnil@debian.org>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Matthias Klose <doko@debian.org>:
Bug#1030355; Package bash. (Fri, 03 Feb 2023 12:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Toni Mueller <toni@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Matthias Klose <doko@debian.org>. (Fri, 03 Feb 2023 12:33:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Toni Mueller <toni@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: heap overflow CVE-2022-3715
Date: Fri, 3 Feb 2023 12:24:04 +0000
Package: bash
Version: 5.1-2+deb11u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>



Hi,

according to RedHat, this bug was corrected in bash 5.1.8, but seems to
be usable to conduct at least a local DOS.


Enjoy,
Toni


-- System Information:
Debian Release: 11.6
  APT prefers stable-security
  APT policy: (990, 'stable-security'), (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-20-amd64 (SMP w/12 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages bash depends on:
ii  base-files   11.1+deb11u6
ii  debianutils  4.11.2
ii  libc6        2.31-13+deb11u5
ii  libtinfo6    6.2+20201114-2

Versions of packages bash recommends:
ii  bash-completion  1:2.11-2

Versions of packages bash suggests:
pn  bash-doc  <none>

-- no debconf information

Marked as fixed in versions bash/5.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 03 Feb 2023 12:45:02 GMT) (full text, mbox, link).

Marked Bug as done Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 03 Feb 2023 12:45:03 GMT) (full text, mbox, link).

Notification sent to Toni Mueller <toni@debian.org>:
Bug acknowledged by developer. (Fri, 03 Feb 2023 12:45:04 GMT) (full text, mbox, link).

Message sent on to Toni Mueller <toni@debian.org>:
Bug#1030355. (Fri, 03 Feb 2023 12:45:05 GMT) (full text, mbox, link).

Message #14 received at 1030355-submitter@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: control@bugs.debian.org
Cc: 1030355-submitter@bugs.debian.org
Subject: closing 1030355
Date: Fri, 03 Feb 2023 13:43:45 +0100
close 1030355 5.2-1
thanks

Marked as found in versions bash/5.1-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 03 Feb 2023 12:48:05 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Feb 4 13:04:55 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started