CVE-2014-6271
Published: January 28, 2022
Official Description
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.
CISA KEV Advisory
GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.
Apply updates per vendor instructions.
Risk Analysis
GNU Bash through version 4.3 is vulnerable to remote code execution due to how it processes trailing strings after function definitions in environment variables. The high EPSS score of 0.94220 indicates a significant likelihood of exploitation. This vulnerability is confirmed to be actively exploited, as listed in the CISA KEV catalog.
This vulnerability is actively exploited in the wild. Remote attackers can execute code by manipulating environment variables.
Update GNU Bash to a patched version. Review and sanitize environment variables in scripts and applications.
Technical Analysis
CVE-2014-6271 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CISA has added CVE-2014-6271 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
Exploit & PoC Resources
All References (1)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2014-6271 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts
- !CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- !Active exploitation confirmed — treat as P1