VDB

ALPINE-CVE-2016-0634

ALPINE-CVE-2016-0634 PUBLISHED CVSS 7.5 HIGH

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

Risk Scores

CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.11bash0, 4.0.035-r0, 4.1.005-r0
Alpine:v3.17bash4.0.035-r0, 0, 4.4.12-r0
Alpine:v3.13bash0, 4.4.12-r0, 4.3.48-r2
Alpine:v3.18bash0, 4.0.035-r0, 4.1.005-r0
Alpine:v3.8bash4.2.045-r0, 0, 4.4.12-r0
Alpine:v3.12bash0, 4.4.12-r0, 4.3.48-r2
Alpine:v3.15bash4.2.045-r0, 4.3.011-r1, 4.2.045-r1
Alpine:v3.19bash0, 4.3-r1, 4.3.011-r1
Alpine:v3.16bash0, 4.0.035-r0, 4.1.002-r0
Alpine:v3.22bash0, 0, 4.4.12-r0
Alpine:v3.24bash0
Alpine:v3.21bash4.3.27-r0, 0, 4.1.002-r0
Alpine:v3.14bash4.2.045-r0, 0, 4.4.12-r0
Alpine:v3.9bash0, 4.4.12-r0, 4.3.48-r2
Alpine:v3.10bash0, 0, 4.0.035-r0
Alpine:v3.23bash4.3.025-r0, 0, 4.4.12-r0
Alpine:v3.7bash0, 0, 4.0.035-r0
Alpine:v3.20bash4.0.035-r0, 4.1.002-r0, 4.1.005-r0

Timeline

  • Aug 28, 2017 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›