CVE-2012-3410

EPSS 0.08%

Published: 8/27/2012Modified: 4/28/2026

Description

Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.

Affected packages (1)

Debian/bashfrom 0, < 4.2-4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3410