CVE-2018-0502

Published: 05/09/2018 Updated: 01/12/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in zsh prior to 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

Vulnerable Product

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

zsh zsh

Vendor Advisories

Debian Bug report logs - #908000: zsh: CVE-2018-0502 + CVE-2018-13259: Two security bugs in shebang line parsing. Package: zsh; Maintainer for zsh is Debian Zsh Maintainers <pkg-zsh-devel@lists.alioth.debian.org>; Source for zsh is src:zsh. Reported by: Axel Beckert <abe@debian.org>. Date: Wed, 5 S ...
Zsh could be made to execute arbitrary code if it received a specially crafted script ...
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (CVE-2018-0502). It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to mak ...
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line ...