
CVE-2018-7548 – Slackware Security Advisory - zsh Updates
https://notcve.org/view.php?id=CVE-2018-7548
27 Feb 2018 — In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. It was discovered that Zsh incorrectly handled certain environment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. • https://security.gentoo.org/glsa/201805-10 • CWE-476: NULL Pointer Dereference

CVE-2018-7549 – zsh: crash on copying empty hash table
https://notcve.org/view.php?id=CVE-2018-7549
27 Feb 2018 — In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell. It was discovered that Zsh incorrectly handled... • https://access.redhat.com/errata/RHSA-2018:3073 • CWE-20: Improper Input Validation • CWE-665: Improper Initialization

CVE-2014-10070 – Ubuntu Security Notice USN-3593-1
https://notcve.org/view.php?id=CVE-2014-10070
27 Feb 2018 — zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled. • http://zsh.sourceforge.net/releases.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-10071 – zsh: buffer overflow for very long fds in >& fd syntax
https://notcve.org/view.php?id=CVE-2014-10071
27 Feb 2018 — In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. A buffer overflow flaw was found in the zsh shell file descriptor redirection functionality. An attacker could use this flaw to cause a denial of service by crashing the user shell. It was discovered that Zsh incorrectly handled certain environment variables. • https://access.redhat.com/errata/RHSA-2018:3073 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-121: Stack-based Buffer Overflow

CVE-2014-10072 – zsh: buffer overflow when scanning very long directory paths for symbolic links
https://notcve.org/view.php?id=CVE-2014-10072
27 Feb 2018 — In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do symbolic l... • https://access.redhat.com/errata/RHSA-2018:1932 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2007-6209
https://notcve.org/view.php?id=CVE-2007-6209
04 Dec 2007 — Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files. • http://osvdb.org/42481 • CWE-264: Permissions, Privileges, and Access Controls