返回 CVE 瀏覽器

CVE-2017-14176

HIGH

8.8

CVSS Severity Score

EPSS Score0.1250%

EPSS Percentile8.63th

Published2017年11月27日

Last Modified2026年5月13日

Vulnerability Description

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

Affected Platforms (CPE)

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

💻

Canonical

Ubuntu Linux

= 14.04

💻

Canonical

Ubuntu Linux

= 16.04

💻

Canonical

Ubuntu Linux

= 17.04

📦

Canonical

Bazaar

<= 2.7.0

References & Advisories

🔗 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html

🔗 http://www.ubuntu.com/usn/usn-3411-1

🔗 https://bugs.debian.org/874429

🔗 https://bugs.launchpad.net/bzr/+bug/1710979

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1486685

🔗 https://bugzilla.suse.com/show_bug.cgi?id=1058214

🔗 https://www.debian.org/security/2017/dsa-4052

🔗 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html

相關漏洞威脅

CVE-1999-069810.0

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

CVE-2026-234628.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following t...

CVE-2006-70948.5

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bi...

CVE-2026-231717.8

In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave a...