Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2018-7548

Published: 27/02/2018 Updated: 05/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Zsh

Vulnerability Summary

In subst.c in zsh up to and including 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.

Vulnerable Product Search on Vulmon Subscribe to Product

zsh zsh

canonical ubuntu linux 17.10

Vendor Advisories

Ubuntu Security Notice: zsh vulnerabilities
Several security issues were fixed in Zsh ...
Amazon Linux 2: ALAS2-2018-986
NULL dereference in cd in sh compatibility mode under given circumstancesIn builtinc in zsh before 54, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set (CVE-2017-18205) Null-pointer deref when using ${(PA)} on an empty array result:In substc in zsh ...
Arch Linux Issues:
In substc in zsh through 542, there is a NULL pointer dereference when using ${(PA)} on an empty array result ...

References

CWE-476https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102https://usn.ubuntu.com/3593-1/https://security.gentoo.org/glsa/201805-10https://usn.ubuntu.com/3593-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook