CVE-2019-14868

Name: CVE-2019-14868
Description: environment variables on startup are interpreted as arithmetic expression leading to code injection
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 948989

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ksh (PTS) | jessie | 93u+20120801-1 | vulnerable |
| | stretch | 93u+20120801-3.1 | vulnerable |
| | buster | 93u+20120801-3.4 | vulnerable |
| | bullseye | 2020.0.0-2.1 | fixed |
| | sid | 2020.0.0-4 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ksh | source | (unstable) | 2020.0.0-2.1 | | | 948989 |

Notes

[jessie] - ksh <ignored> (Minor issue)
https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
