Bug #6653: bash: popd controlled free (CVE-2016-9401)
[3.5] bash:popd controlled free (CVE-2016-9401)
A vulnerability was found in popd. It can be tricked to free a user supplied address in the following way:
$ popd +-111111
This could be used to bypass restricted shells (rsh) on some environments to cause use-after-free.