CVE-2017-18205 – zsh: NULL dereference in cd in sh compatibility mode under given circumstances
https://notcve.org/view.php?id=CVE-2017-18205
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell.
• https://access.redhat.com/errata/RHSA-2018:3073
• https://security.gentoo.org/glsa/201805-10
• https://sourceforge.net/p/zsh/code/ci/eb783754bdb74377f3cea4ceca9c23a02ea1bf58
• https://usn.ubuntu.com/3593-1
• https://access.redhat.com/security/cve/CVE-2017-18205
• https://bugzilla.redhat.com/show_bug.cgi?id=1549862
• CWE-476: NULL Pointer Dereference
• CWE-665: Improper Initialization
CVE-2018-7548
https://notcve.org/view.php?id=CVE-2018-7548
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
• https://security.gentoo.org/glsa/201805-10
• https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
• https://usn.ubuntu.com/3593-1
• CWE-476: NULL Pointer Dereference
CVE-2018-7549 – zsh: crash on copying empty hash table
https://notcve.org/view.php?id=CVE-2018-7549
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell.
• https://access.redhat.com/errata/RHSA-2018:3073
• https://security.gentoo.org/glsa/201805-10
• https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
• https://usn.ubuntu.com/3593-1
• https://access.redhat.com/security/cve/CVE-2018-7549
• https://bugzilla.redhat.com/show_bug.cgi?id=1549858
• CWE-20: Improper Input Validation
• CWE-665: Improper Initialization
CVE-2014-10072 – zsh: buffer overflow when scanning very long directory paths for symbolic links
https://notcve.org/view.php?id=CVE-2014-10072
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do symbolic link resolution in the aforementioned path. An attacker could exploit this vulnerability to cause a denial of service condition on the target.
• https://access.redhat.com/errata/RHSA-2018:1932
• https://access.redhat.com/errata/RHSA-2018:3073
• https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210
• https://usn.ubuntu.com/3593-1
• https://access.redhat.com/security/cve/CVE-2014-10072
• https://bugzilla.redhat.com/show_bug.cgi?id=1549836
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2014-10071 – zsh: buffer overflow for very long fds in >& fd syntax
https://notcve.org/view.php?id=CVE-2014-10071
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. A buffer overflow flaw was found in the zsh shell file descriptor redirection functionality. An attacker could use this flaw to cause a denial of service by crashing the user shell.
• https://access.redhat.com/errata/RHSA-2018:3073
• https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055
• https://usn.ubuntu.com/3593-1
• https://access.redhat.com/security/cve/CVE-2014-10071
• https://bugzilla.redhat.com/show_bug.cgi?id=1549855
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow