CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14176

HIGH
8.8
CVSS Severity Score
EPSS Score0.1250%
EPSS Percentile8.63th
PublishedNov 27, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

Affected Platforms (CPE)

πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 17.04
πŸ“¦
Canonical

Bazaar

<= 2.7.0

References & Advisories

πŸ”— http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html
πŸ”— http://www.ubuntu.com/usn/usn-3411-1
πŸ”— https://bugs.debian.org/874429
πŸ”— https://bugs.launchpad.net/bzr/+bug/1710979
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1486685
πŸ”— https://bugzilla.suse.com/show_bug.cgi?id=1058214
πŸ”— https://www.debian.org/security/2017/dsa-4052
πŸ”— http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html

Related Vulnerabilities

CVE-1999-069810.0

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

CVE-2026-234628.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following t...

CVE-2006-70948.5

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bi...

CVE-2026-231717.8

In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave a...