CVE-2021-45444

Published: 14/02/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

In zsh prior to 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

Vulnerable Product

zsh zsh

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

apple mac os x

apple mac os x 10.15.7

apple macos

Vendor Advisories

Several security issues were fixed in Zsh ...
It was discovered that zsh, a powerful shell and scripting language, did not prevent recursive prompt expansion. This would allow an attacker to execute arbitrary commands into a user's shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name. For the oldstable distribution (buster), this problem ...
A vulnerability was found in zsh in the parsecolorchar() function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPT_SUBST expansion (CVE-2021-45444) ...
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID ...