VulnerableCode Package Details - pkg:deb/debian/bash@5.3-3?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4c4h-9zpn-kkd2	Multiple vulnerabilities were found in Bash, the worst of which may allow execution of arbitrary code.	CVE-2016-7543
VCID-556k-17z3-auc2	A vulnerability in Bash may allow users to escalate privileges.	CVE-2019-18276
VCID-7ec1-w1x9-97d6	The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.	CVE-2010-0002
VCID-az8z-jtp2-tyhj	A parsing flaw related to functions and environments in Bash could allow attackers to inject code. The unaffected packages listed in GLSA 201409-09 had an incomplete fix.	CVE-2014-7169
VCID-ba3s-az62-fkdc	security update	CVE-2014-6271
VCID-hvf8-a8kf-qqbq	Multiple vulnerabilities were found in Bash, the worst of which may allow execution of arbitrary code.	CVE-2016-9401
VCID-hxgp-7aap-xqh6	Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition.	CVE-2014-7186
VCID-jqym-yvag-qfcz	bash: BASH_CMD is writable in restricted bash shells	CVE-2019-9924
VCID-k9hm-bh92-qfan	bash: heap-based buffer overflow during echo of unsupported characters	CVE-2012-6711
VCID-m98m-wbj2-zbdk	Two vulnerabilities have been found in Bash, the worst of which may allow execution of arbitrary code.	CVE-2012-3410
VCID-nm4t-6dw6-vbby	A vulnerability in Bash could potentially lead to arbitrary code execution.	CVE-2016-0634
VCID-rc3z-84wf-pygu	bash: a heap-buffer-overflow in valid_parameter_transform	CVE-2022-3715
VCID-sqj7-9htv-nbfn	Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition.	CVE-2014-6277
VCID-twyf-cbfd-hka1	Two vulnerabilities have been found in Bash, the worst of which may allow execution of arbitrary code.	CVE-2008-5374
VCID-up13-8aex-7qfy	bash: Code execution in bash autocompletion	CVE-2017-5932
VCID-yje9-sb3a-kubp	Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition.	CVE-2014-7187
VCID-yz3v-qgsz-53ew	Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition.	CVE-2014-6278

Vulnerability

Summary

Aliases

VCID-4c4h-9zpn-kkd2

Multiple vulnerabilities were found in Bash, the worst of which may allow execution of arbitrary code.

CVE-2016-7543

VCID-556k-17z3-auc2

A vulnerability in Bash may allow users to escalate privileges.

CVE-2019-18276

VCID-7ec1-w1x9-97d6

The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename.

CVE-2010-0002

VCID-az8z-jtp2-tyhj

A parsing flaw related to functions and environments in Bash could allow attackers to inject code. The unaffected packages listed in GLSA 201409-09 had an incomplete fix.

CVE-2014-7169

VCID-ba3s-az62-fkdc

security update

CVE-2014-6271

VCID-hvf8-a8kf-qqbq

Multiple vulnerabilities were found in Bash, the worst of which may allow execution of arbitrary code.

CVE-2016-9401

VCID-hxgp-7aap-xqh6

Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition.

CVE-2014-7186

VCID-jqym-yvag-qfcz

bash: BASH_CMD is writable in restricted bash shells

CVE-2019-9924

VCID-k9hm-bh92-qfan

bash: heap-based buffer overflow during echo of unsupported characters

CVE-2012-6711

VCID-m98m-wbj2-zbdk

Two vulnerabilities have been found in Bash, the worst of which may allow execution of arbitrary code.

CVE-2012-3410

VCID-nm4t-6dw6-vbby

A vulnerability in Bash could potentially lead to arbitrary code execution.

CVE-2016-0634

VCID-rc3z-84wf-pygu

bash: a heap-buffer-overflow in valid_parameter_transform

CVE-2022-3715

VCID-sqj7-9htv-nbfn

Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition.

CVE-2014-6277

VCID-twyf-cbfd-hka1

Two vulnerabilities have been found in Bash, the worst of which may allow execution of arbitrary code.

CVE-2008-5374

VCID-up13-8aex-7qfy

bash: Code execution in bash autocompletion

CVE-2017-5932

VCID-yje9-sb3a-kubp

Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition.

CVE-2014-7187

VCID-yz3v-qgsz-53ew

Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition.

CVE-2014-6278

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-06T19:16:22.471407+00:00	Debian Importer	Fixing	VCID-rc3z-84wf-pygu	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.413112+00:00	Debian Importer	Fixing	VCID-jqym-yvag-qfcz	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.371247+00:00	Debian Importer	Fixing	VCID-556k-17z3-auc2	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.328066+00:00	Debian Importer	Fixing	VCID-up13-8aex-7qfy	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.284320+00:00	Debian Importer	Fixing	VCID-hvf8-a8kf-qqbq	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.235823+00:00	Debian Importer	Fixing	VCID-4c4h-9zpn-kkd2	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.193858+00:00	Debian Importer	Fixing	VCID-nm4t-6dw6-vbby	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.151078+00:00	Debian Importer	Fixing	VCID-yje9-sb3a-kubp	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.110027+00:00	Debian Importer	Fixing	VCID-hxgp-7aap-xqh6	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.066937+00:00	Debian Importer	Fixing	VCID-az8z-jtp2-tyhj	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:22.018328+00:00	Debian Importer	Fixing	VCID-yz3v-qgsz-53ew	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:21.976439+00:00	Debian Importer	Fixing	VCID-sqj7-9htv-nbfn	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:21.933213+00:00	Debian Importer	Fixing	VCID-ba3s-az62-fkdc	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:21.890523+00:00	Debian Importer	Fixing	VCID-k9hm-bh92-qfan	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:21.846149+00:00	Debian Importer	Fixing	VCID-m98m-wbj2-zbdk	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:21.796625+00:00	Debian Importer	Fixing	VCID-7ec1-w1x9-97d6	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-05-06T19:16:21.751995+00:00	Debian Importer	Fixing	VCID-twyf-cbfd-hka1	https://security-tracker.debian.org/tracker/data/json	38.6.0