CVEs (13)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
4Apple DebianFedoraproject+1 more5Debian Linux FedoraMac Os X+2 moreNov 21, 2024 Feb 14, 2022 N/A· v4 7.8 HIGH· v3 5.1 MEDIUM· v2 In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. |
4Apple DebianFedoraproject+1 more8Debian Linux FedoraIpados+5 moreNov 21, 2024 Feb 24, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH...Show more |
2Canonical Zsh2Ubuntu Linux ZshNov 21, 2024 Sep 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. |
2Canonical Zsh2Ubuntu Linux ZshNov 21, 2024 Sep 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. |
3Canonical RedhatZsh5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 moreNov 21, 2024 Apr 11, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. |
4Canonical DebianRedhat+1 more6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 moreNov 21, 2024 Mar 28, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the con...Show more |
4Canonical DebianRedhat+1 more6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 moreNov 21, 2024 Mar 9, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. |
3Canonical RedhatZsh5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 moreNov 21, 2024 Feb 27, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. |
2Canonical Zsh2Ubuntu Linux ZshNov 21, 2024 Feb 27, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. |
2Canonical Zsh2Ubuntu Linux ZshNov 21, 2024 Feb 27, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. |
2Canonical Zsh2Ubuntu Linux ZshNov 21, 2024 Feb 27, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. |
2Canonical Zsh2Ubuntu Linux ZshNov 21, 2024 Feb 27, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. |
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |