[3.5] bash:popd controlled free (CVE-2016-9401)
A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way:
$ popd +–111111
This could be used to bypass restricted shells (rsh) on some environments to cause use-after-free.
(from redmine: issue id 6655, created on 2017-01-10, closed on 2017-01-25)
- parent #6653 (closed)
- Revision 88fc2ef0 by Sergei Lukin on 2017-01-24T09:22:39Z:
main/bash: security fixes #6655 CVE-2016-9401