CVE-2014-7169CISA KEVEPSS p100.0%

CVE-2014-7169GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

GNU / Bourne-Again Shell (Bash)

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271.

Scoring

EPSS99.94% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2022-01-28

(incoming)1

TypeTargetConfidenceTier
KEVEntryGNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerabilitykev-cve-2014-71690%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
GNU Bash OS Command Injection Vulnerability
CVE
GNU C Library Buffer Overflow Vulnerability
CVE
Linux Kernel Race Condition Vulnerability
CVE
GNU InetUtils Argument Injection Vulnerability
CVE
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
CVE
Apache HTTP Server Path Traversal Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.