Published: 28/03/2018 Updated: 07/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zsh zsh
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04
canonical ubuntu linux 17.10
debian debian linux 7.0
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server 6.0
redhat enterprise linux workstation 6.0

Several security issues were fixed in Zsh ...

Synopsis Moderate: zsh security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for zsh is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score ...

Synopsis Moderate: zsh security update Type/Severity Security Advisory: Moderate Topic An update for zsh is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which give ...

Debian Bug report logs - #894044 zsh: CVE-2018-1071 Package: src:zsh; Maintainer for src:zsh is Debian Zsh Maintainers <pkg-zsh-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Mar 2018 19:06:01 UTC Severity: normal Tags: fixed-upstream, patch, security, upstream Fo ...

Debian Bug report logs - #894043 zsh: CVE-2018-1083 Package: src:zsh; Maintainer for src:zsh is Debian Zsh Maintainers <pkg-zsh-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 25 Mar 2018 19:03:02 UTC Severity: normal Tags: fixed-upstream, patch, security, upstream Fo ...

1553531: Stack-based buffer overflow in execc:hashcmd()zsh through version 542 is vulnerable to a stack-based buffer overflow in the execc:hashcmd() function A local attacker could exploit this to cause a denial of service(CVE-2018-1071) Stack-based buffer overflow in gen_matches_files() at compctlcA buffer overflow flaw was found in the zsh ...

A buffer overflow flaw was found in the zsh shell symbolic link resolver A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path If the user affected is privileged, this leads to privilege escalation(CVE ...

A buffer overflow flaw was found in the zsh shell auto-complete functionality A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the before mentioned path If the user affected is privileged, this leads to privilege escalation ...

CWE-119 https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 https://bugzilla.redhat.com/show_bug.cgi?id=1557382 https://usn.ubuntu.com/3608-1/https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html http://www.securityfocus.com/bid/103572 https://access.redhat.com/errata/RHSA-2018:1932 https://security.gentoo.org/glsa/201805-10 https://access.redhat.com/errata/RHSA-2018:3073 https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html https://usn.ubuntu.com/3608-1/https://nvd.nist.gov

CVE-2018-1083

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect