
Vulnerability in GNU/bash path completion feature [pdf] - heyens
https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf
======
heyens
Hey HN,

a few weeks ago we found a vulnerability in GNU/bash path completion feature.

The bug has already been fixed by Chet Ramey; the most used Linux
distributions in productions have not been vulnerable.

Unluckily, we were not able to reach the CVE people, but since the bug has
already been fixed, more than two weeks ago, we decided to publish the small
report anyways.

Jens Heyens

<jens.heyens@cispa.saarland>

CISPA <[https://cispa.saarland/>](https://cispa.saarland/>)

Related Reddit thread:
[https://www.reddit.com/r/security/comments/5slvtu/how_do_i_r...](https://www.reddit.com/r/security/comments/5slvtu/how_do_i_request_a_cve_id_for_a_gnubash/)

