CVE-2012-6711

Name of the Vulnerable Software and Affected Versions GNU Bash versions prior to 4.3

Description A heap-based buffer overflow exists when wide characters, not supported by the current locale set in the LC CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the echo -e built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().

Recommendations For GNU Bash versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the echo -e built-in function to minimize the risk of exploitation. Avoid using the echo built-in function with wide characters not supported by the current locale set in the LC CTYPE environment variable until the issue is resolved.