CVE-2018-0502

Published: Sep 5, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

Affected (4)

Products: Canonical: Ubuntu Linux · Zsh: Zsh

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Zsh Zsh	Before 5.6

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

https://bugs.debian.org/908000

Source: security@debian.org

Mailing ListPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html

Source: security@debian.org

https://security.gentoo.org/glsa/201903-02

Source: security@debian.org

Third Party Advisory

https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d

Source: security@debian.org

PatchThird Party Advisory

https://usn.ubuntu.com/3764-1/

Source: security@debian.org

Third Party Advisory

https://www.zsh.org/mla/zsh-announce/136

Source: security@debian.org

Mailing ListVendor Advisory

https://bugs.debian.org/908000