Published: 09/03/2018 Updated: 12/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zsh zsh
debian debian linux 7.0
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0

Synopsis Moderate: zsh security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for zsh is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Several security issues were fixed in Zsh ...

Debian Bug report logs - #894044 zsh: CVE-2018-1071 Package: src:zsh; Maintainer for src:zsh is Debian Zsh Maintainers <pkg-zsh-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Mar 2018 19:06:01 UTC Severity: normal Tags: fixed-upstream, patch, security, upstream Fo ...

Debian Bug report logs - #894043 zsh: CVE-2018-1083 Package: src:zsh; Maintainer for src:zsh is Debian Zsh Maintainers <pkg-zsh-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Mar 2018 19:03:02 UTC Severity: normal Tags: fixed-upstream, patch, security, upstream Fo ...

1553531: Stack-based buffer overflow in execc:hashcmd()zsh through version 542 is vulnerable to a stack-based buffer overflow in the execc:hashcmd() function A local attacker could exploit this to cause a denial of service(CVE-2018-1071) Stack-based buffer overflow in gen_matches_files() at compctlcA buffer overflow flaw was found in the zsh ...

A buffer overflow flaw was found in the zsh shell symbolic link resolver A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path If the user affected is privileged, this leads to privilege escalation(CVE ...

zsh through version 542 is vulnerable to a stack-based buffer overflow in the execc:hashcmd() function A local attacker could exploit this to cause a denial of service ...

CWE-121 https://bugzilla.redhat.com/show_bug.cgi?id=1553531 http://www.securityfocus.com/bid/103359 https://usn.ubuntu.com/3608-1/https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html https://security.gentoo.org/glsa/201805-10 https://access.redhat.com/errata/RHSA-2018:3073 https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://access.redhat.com/errata/RHSA-2018:3073 https://usn.ubuntu.com/3608-1/https://nvd.nist.gov

CVE-2018-1071

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect