CVE-2012-3410
EPSS 0.08%
Description
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
How to fix CVE-2012-3410
To remediate CVE-2012-3410, upgrade the affected package to a fixed version below.
- Debian/bash—upgrade to 4.2-4 or later
Is CVE-2012-3410 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.2-4