#VU109674 Heap-based buffer overflow in Bash - CVE-2012-6711

Cybersecurity Help s.r.o.

Published: 2025-05-23

Vulnerability identifier: #VU109674

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-6711

CWE-ID: CWE-122

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Bash
Universal components / Libraries / Scripting languages

Vendor: GNU

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ansicstr() function in lib/sh/strtrans.c when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local user can trigger a heap-based buffer overflow and escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Bash: 4.0 - 4.2

External links
https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5
https://bugzilla.redhat.com/show_bug.cgi?id=1721071
https://support.f5.com/csp/article/K05122252
https://support.f5.com/csp/article/K05122252?utm_source=f5support&utm_medium=RSS
https://usn.ubuntu.com/4180-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell EMC Unity update for third-party components

Privilege escalation in GNU Bash