Peter Stephenson

Name of the Vulnerable Software and Affected Versions: zsh versions prior to 5.4 Description: The issue occurs in sh compatibility mode when processing the cd command without an argument if the HOME variable is not set, resulting in a NULL pointer dereference. Recommendations: For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider setting the HOME variable before using the cd command in sh compatibility mode.

Name of the Vulnerable Software and Affected Versions: zsh versions prior to 5.4 Description: The issue is related to a buffer overflow in symlink expansion in the utils.c file of zsh. Recommendations: For versions prior to 5.4, update to version 5.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** zsh versions prior to 5.0.7 **Description** The issue allows evaluation of the initial values of integer variables imported from the environment, instead of treating them as literal numbers. This could allow local privilege escalation under specific conditions where zsh is invoked in privilege-elevation contexts and the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env reset" has been disabled. **Recommendations** For versions prior to 5.0.7, update to version 5.0.7 or later to resolve the issue. As a temporary workaround, consider disabling the invocation of zsh by sudo or ensure that "env reset" is enabled to minimize the risk of exploitation.