CVE-2018-13259

Published: 05/09/2018 Updated: 01/12/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in zsh prior to 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
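
An audit for the condition in the summary, added here as an example; it is not code from zsh or from any vendor advisory. It lists scripts whose shebang line exceeds 64 bytes and checks a zsh version string against 5.6. The function names are hypothetical, and counting the whole first line including `#!` is an assumption that over-reports rather than under-reports.

```sh
#!/bin/sh
# Added example: find scripts affected by the shebang truncation in CVE-2018-13259.
# The limit comes from the advisory text ("truncates it to the first 64 bytes").
SHEBANG_LIMIT=64

# shebang_len FILE: print the byte length of the first line if it starts with "#!".
# Returns non-zero for files without a shebang. Only the first 512 bytes are read.
shebang_len() {
    first=$(LC_ALL=C head -c 512 -- "$1" 2>/dev/null | head -n 1 | tr -d '\000') || return 1
    case $first in
        '#!'*) printf '%s' "$first" | wc -c | tr -d ' ' ;;
        *) return 1 ;;
    esac
}

# audit_shebangs DIR: print "LENGTH PATH" for each regular file under DIR whose
# shebang line is longer than the limit. File names containing newlines are not handled.
audit_shebangs() {
    find "$1" -type f -print | while IFS= read -r f; do
        n=$(shebang_len "$f") || continue
        if [ "$n" -gt "$SHEBANG_LIMIT" ]; then
            printf '%s %s\n' "$n" "$f"
        fi
    done
}

# zsh_is_affected VERSION: succeed when VERSION (e.g. "5.5.1") is below 5.6.
# Distribution packages may carry a backported fix, so a match here means
# "check the vendor advisory", not "confirmed vulnerable".
zsh_is_affected() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -lt 6 ]; }
}

# Stand-alone use: sh audit.sh /path/to/scripts
if [ $# -gt 0 ]; then
    audit_shebangs "$1"
fi
```

Scripts it reports can be fixed by shortening the interpreter path, for example with a short symlink, so that their behaviour does not depend on which zsh build runs them.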

Vulnerable Product

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

zsh zsh

Vendor Advisories

Synopsis: Moderate: zsh security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score ...
Debian Bug report logs - #908000. zsh: CVE-2018-0502 + CVE-2018-13259: Two security bugs in shebang line parsing. Package: zsh; Maintainer for zsh is Debian Zsh Maintainers <pkg-zsh-devel@lists.alioth.debian.org>; Source for zsh is src:zsh (PTS, buildd, popcon). Reported by: Axel Beckert <abe@debian.org>. Date: Wed, 5 S ...
Zsh could be made to execute arbitrary code if it received a specially crafted script ...
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (CVE-2018-0502). It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to mak ...
It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one (CVE-2018-13259) ...
It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one ...
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one ...