Skip to main content

Zsh

7 CVEs product

Monthly

CVE-2018-13259 CRITICAL PATCH Act Now

An issue was discovered in zsh before 5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ubuntu Linux Zsh
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-0502 CRITICAL PATCH Act Now

An issue was discovered in zsh before 5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ubuntu Linux Zsh
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-1100 HIGH PATCH This Week

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Zsh Ubuntu Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-1083 HIGH PATCH This Week

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Privilege Escalation RCE Buffer Overflow Zsh Ubuntu Linux +4
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-1071 MEDIUM This Month

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Zsh Debian Linux +4
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-7549 HIGH PATCH This Week

In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zsh Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +1
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-7548 CRITICAL PATCH Act Now

{(PA)...} on an empty array result. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Zsh Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.6%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in zsh before 5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ubuntu Linux Zsh
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in zsh before 5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ubuntu Linux Zsh
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Zsh +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Privilege Escalation RCE Buffer Overflow +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow +6
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zsh Enterprise Linux Desktop +3
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

{(PA)...} on an empty array result. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Zsh +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy