Zsh Developers · Zsh · CVE-2019-20044
**Name of the Vulnerable Software and Affected Versions**
Zsh versions prior to 5.8
**Description**
The issue stems from Zsh not correctly overwriting the saved uid when it drops privileges, which allows attackers who can execute commands to regain the dropped privileges. This can be achieved by executing `MODULE_PATH=/dir/with/module zmodload` with a module that calls `setuid()`, thus restoring the original privileges. Exploitation may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.
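The check that the description implies, as an added example (not Zsh's code or its 5.8 patch): a permanent privilege drop on Linux/glibc that sets the real, effective and saved ids together and then reads them back. The function names and the choice of the invoking user's ids as the target are assumptions made for illustration.

```c
#define _GNU_SOURCE            /* setresuid()/getresuid() on Linux/glibc */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Explicit prototypes so the example also builds when feature-test macros
 * were already fixed by an earlier include in the same translation unit. */
int getresuid(uid_t *r, uid_t *e, uid_t *s);
int getresgid(gid_t *r, gid_t *e, gid_t *s);
int setresuid(uid_t r, uid_t e, uid_t s);
int setresgid(gid_t r, gid_t e, gid_t s);

/* Returns 1 only if real, effective AND saved ids all equal the targets.
 * The saved uid is the one that lets a later setuid() regain privileges. */
int ids_fully_dropped(uid_t uid, gid_t gid)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;

    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    return ru == uid && eu == uid && su == uid &&
           rg == gid && eg == gid && sg == gid;
}

/* Permanently drop to uid/gid. Group first: once the uid is gone the
 * process may no longer be allowed to change its gid. Returns 0 on success,
 * -1 if any call fails or the saved ids were left behind.
 * A setuid-root program would also clear supplementary groups with
 * setgroups() before this; omitted to keep the example to the saved ids. */
int drop_privileges_permanently(uid_t uid, gid_t gid)
{
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;
    return ids_fully_dropped(uid, gid) ? 0 : -1;
}

int main(void)
{
    /* Hypothetical target: the invoking user's real ids. */
    if (drop_privileges_permanently(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed; refusing to continue\n");
        return 1;
    }
    puts("real, effective and saved ids all match");
    return 0;
}
```

Treating a failed read-back as fatal is the point: a drop that leaves the old saved uid in place looks successful to `geteuid()` but can still be undone by any code that later calls `setuid()`.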
**Recommendations**
For versions prior to 5.8, update to version 5.8 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the `zmodload` command with modules that call `setuid()` to minimize the risk of exploitation.