{
  "threat_severity" : "Moderate",
  "public_date" : "2016-09-16T00:00:00Z",
  "bugzilla" : {
    "description" : "bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution",
    "id" : "1379630",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1379630"
  },
  "cvss" : {
    "cvss_base_score" : "6.9",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-77",
  "details" : [ "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.", "An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2017-03-21T00:00:00Z",
    "advisory" : "RHSA-2017:0725",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "bash-0:4.1.2-48.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-08-01T00:00:00Z",
    "advisory" : "RHSA-2017:1931",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "bash-0:4.2.46-28.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "bash",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-7543\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7543" ],
  "name" : "CVE-2016-7543",
  "csaw" : false
}