bash builtins mapfile issue - Unexpected parameter passing of causes rce
From: ~
Subject: bash builtins mapfile issue - Unexpected parameter passing of causes rce
Date: Sat, 14 Sep 2024 19:46:21 +0800
Dear bug-bash team:
I hope this email finds you well. During my recent security
assessment of bash, I identified a potential security vulnerability that I
believe may impact the security of your product and its users.
Here are the details:
1. mapfile -C xxx will call run_callback
2. evil "execstr" parameter passing causes rce
mapfile.def
For example, in bash shell:
echo -e "line1\nline2\nline3\nline4\nline5\nline6\nline7\nline8\nline9\nline10" > test.txt
mapfile -t -C "whoami #111" -c 5 my_array < test.txt
I want to assign a CVE ID to the vulnerability.
I look forward to working with you to address this matter promptly and
securely. Please feel free to contact me directly if you have any
questions or need further information.
Thank you for your attention to this matter.
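
Added example, not part of the original message and not code from bash itself: the bash manual documents that the -C callback is evaluated with the array index and the line as extra arguments, so the callback string needs the same handling as input to eval. The sketch below accepts only the name of an already defined function and shows that line data reaches the callback as an inert argument; the helper names safe_mapfile and record_chunk and the sample input are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example; not from the original post or the bash sources.
# mapfile is a bash builtin: re-run under bash if started by another shell.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

seen=()   # filled by the callback so the result can be inspected

# Fixed callback. mapfile invokes it as: record_chunk <index> <line>
record_chunk() { seen+=("$1:$2"); }

# safe_mapfile CALLBACK QUANTUM ARRAY   (hypothetical helper)
# The -C argument is evaluated as shell code, so accept only the bare
# name of a function that is already defined and refuse anything else.
safe_mapfile() {
    local cb=$1 quantum=$2 arr=$3
    [[ $cb =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]  || return 2   # not an identifier
    declare -F -- "$cb" >/dev/null         || return 3   # no such function
    [[ $quantum =~ ^[1-9][0-9]*$ ]]        || return 2
    [[ $arr =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || return 2
    mapfile -t -C "$cb" -c "$quantum" "$arr"
}

# Constructed sample input: six lines, the fourth contains shell syntax.
SAMPLE=$(printf '%s\n' line1 line2 line3 '$(echo SHOULD_NOT_RUN)' line5 line6)

demo() {
    seen=()
    safe_mapfile record_chunk 2 my_array <<<"$SAMPLE" || return 1
    # One entry per quantum: the index and the line, both as plain data.
    printf 'callback saw %s\n' "${seen[@]}"
    # The callback string from the report is not a function name: refused.
    local rc=0
    safe_mapfile 'whoami #111' 2 my_array <<<"$SAMPLE" || rc=$?
    echo "callback string with a space rejected, status $rc"
}

demo
```

The wrapper only constrains the callback argument; the array name and quantum are checked as well because they come from the same caller.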