Gnu · Gnu Bash · CVE-2012-6711
**Name of the Vulnerable Software and Affected Versions**
GNU Bash versions prior to 4.3
**Description**
A heap-based buffer overflow exists when wide characters that are not supported by the current locale, as set in the `LC_CTYPE` environment variable, are printed through the `echo` built-in function. A local attacker who can provide data to print through the `echo -e` built-in function may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because `ansicstr()` in `lib/sh/strtrans.c` mishandles `u32cconv()`.
**Recommendations**
Update GNU Bash versions prior to 4.3 to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `echo -e` built-in function to minimize the risk of exploitation. Until the update is applied, avoid using the `echo` built-in function with wide characters that are not supported by the current locale set in the `LC_CTYPE` environment variable.
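One way to act on both recommendations is the audit sketch below, an added example that is not part of the advisory: it tests a Bash version string against the 4.3 boundary and lists `echo -e` calls that print expanded data. The function names `bash_version_affected` and `find_risky_echo` are hypothetical, and the scan is a line-based heuristic rather than a shell parser.

```shell
#!/usr/bin/env bash
# Added example, not from the advisory. Function names are hypothetical.

# Return 0 when a Bash version string is older than 4.3 (affected),
# 1 when it is 4.3 or later, 2 when the string cannot be parsed.
bash_version_affected() {
    local ver="$1" major rest minor
    major=${ver%%.*}
    case "$ver" in
        *.*) rest=${ver#*.}; minor=${rest%%[!0-9]*} ;;
        *)   minor=0 ;;
    esac
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || minor=0
    if [ "$major" -lt 4 ]; then return 0; fi
    if [ "$major" -eq 4 ] && [ "$minor" -lt 3 ]; then return 0; fi
    return 1
}

# Print file:line:text for echo calls that enable -e (alone or combined,
# e.g. -ne) and pass a $ expansion, i.e. data not fixed in the script.
# Heuristic: a line-based match, so quoting and comments are not parsed.
find_risky_echo() {
    grep -nHE '(^|[;&|[:space:]])echo[[:space:]]+(-[neE]+[[:space:]]+)*-[nE]*e[neE]*[[:space:]].*\$' "$@"
}

# With script paths as arguments: check the bash on PATH, then scan the files.
if [ "$#" -gt 0 ]; then
    ver=$(bash -c 'printf %s "$BASH_VERSION"' 2>/dev/null) || ver=
    if [ -n "$ver" ] && bash_version_affected "$ver"; then
        printf 'bash %s is older than 4.3: update to 4.3 or later\n' "$ver"
    fi
    find_risky_echo "$@" || printf 'no echo -e calls with expanded data found\n'
fi
```

Run it with the paths of the scripts to review as arguments; each reported line is a candidate for removing `-e` or for checking where the printed data comes from.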