Report

CVE-2014-6271 (Shellshock) - Command Injection via Function Definition Environment Variables in Bash 4.3

4fd921ce-28a5-4e97-a221-9eecac3833af

CVE-2014-6271 is the original Shellshock vulnerability affecting Bash 4.3 and earlier. The vulnerability occurs in the initialize_shell_variables() function in variables.c where environment variables starting with "() {" are interpreted as function definitions and imported into the shell. However, the parser fails to properly validate the boundary of the function definition, allowing arbitrary code following the closing brace to be executed with the shell's privileges.
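A defensive check for the condition described above, as an added example that is not part of the original report or of Bash itself: it flags environment values that begin with "() {" and carry text after the function body's closing brace. The function names, verdict labels and sample environment are assumptions made for illustration, and the scanner is a heuristic, not a Bash parser.

```python
FUNC_PREFIX = "() {"  # value prefix Bash treated as an exported function


def classify(value):
    """Classify one environment value.

    Heuristic scanner (assumption, not a Bash parser): tracks brace depth
    and skips quoted strings and backslash escapes.
    """
    if not value.startswith(FUNC_PREFIX):
        return "plain"
    depth, quote, i = 0, None, len(FUNC_PREFIX) - 1  # start at the "{"
    while i < len(value):
        ch = value[i]
        if quote:
            if ch == "\\" and quote == '"':
                i += 1            # skip escaped char inside double quotes
            elif ch == quote:
                quote = None
        elif ch == "\\":
            i += 1                # skip escaped char outside quotes
        elif ch in "'\"":
            quote = ch
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:        # end of the function body
                rest = value[i + 1:].strip(" \t\r\n;")
                return "trailing-code" if rest else "function-definition"
        i += 1
    return "malformed"            # body never closed


def audit(env):
    """Return {name: verdict} for every value that is function-shaped."""
    verdicts = {name: classify(val) for name, val in env.items()}
    return {n: v for n, v in verdicts.items() if v != "plain"}


# Constructed sample environment (not taken from the report).
SAMPLE_ENV = {
    "HOME": "/home/user",
    "greet": "() {  echo hello\n}",
    "X_TEST": "() { :; }; echo TRAILING_MARKER",
    "QUOTED": "() { echo '}' ; }",
    "OPEN": "() { echo open",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_ENV).items():
        print(f"{name}: {verdict}")
```

A "trailing-code" verdict marks the case the report describes; "function-definition" values are well-formed exports with nothing after the body.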
