
CVSS: 7.8 | EPSS: 0% | CPEs: 22 | EXPL: 0

13 Feb 2022 — In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. A vulnerability was found in zsh in the parsecolorchar() function of prompt.... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.8 | EPSS: 0% | CPEs: 36 | EXPL: 0

24 Feb 2020 — In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). • http://seclists.org/fulldisclosure/2020/May/49 • CWE-271: Privilege Dropping / Lowering Errors; CWE-273: Improper Check for Dropped Privileges

CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

05 Sep 2018 — An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. • https://bugs.debian.org/908000 • CWE-20: Improper Input Validation

CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

05 Sep 2018 — An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. It was discovered that zsh does not properly validate the shebang of input files and it ... • https://access.redhat.com/errata/RHSA-2019:2017 • CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 0% | CPEs: 10 | EXPL: 0

11 Apr 2018 — zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. A buffer overflow flaw was found in the zsh shell check path functionality. A local,... • https://access.redhat.com/errata/RHSA-2018:1932 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 11 | EXPL: 0

28 Mar 2018 — Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the aforementioned path. If the user affected is privileged, this leads to privilege escalation. • http://www.securityfocus.com/bid/103572 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-121: Stack-based Buffer Overflow

CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

09 Mar 2018 — zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Z... • http://www.securityfocus.com/bid/103359 • CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

27 Feb 2018 — In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. It was discovered that Zsh incorrectly handled certain environment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. • https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60 • CWE-189: Numeric Errors

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 Feb 2018 — In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package.... • https://access.redhat.com/errata/RHSA-2018:3073 • CWE-476: NULL Pointer Dereference; CWE-665: Improper Initialization

CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

27 Feb 2018 — In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is privileged, this leads to privileg... • https://access.redhat.com/errata/RHSA-2018:1932 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-121: Stack-based Buffer Overflow