PT-2017-4060 · Zsh+5 · Zsh+5

Richard Maciel Costa

Publicado

2017-12-04

Atualizado

2024-06-15

CVE-2018-1071

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions zsh versions 5.4.2 and earlier

Description The issue is related to a stack-based buffer overflow in the exec.c:hashcmd() function. This could allow a local attacker to cause a denial of service. The vulnerability is associated with the hashcmd() function in the exec.c file, which can lead to a buffer overflow, resulting in a denial of service.

Recommendations For zsh versions 5.4.2 and earlier, consider updating to a version later than 5.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the hashcmd() function in the exec.c file to minimize the risk of exploitation.

Correção

DoS

Stack Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-787

Identificadores relacionados

ALT-PU-2018-2144

BDU:2021-01392

CESA-2018_3073

CVE-2018-1071

DLA-1335-1

DLA-2470-1

MGASA-2018-0206

OPENSUSE-SU-2018_1093-1

OPENSUSE-SU-2018_1893-1

OPENSUSE-SU-2018_2966-1

OPENSUSE-SU-2024:11543-1

RHSA-2018:3073

RHSA-2018_3073

SUSE-SU-2018:1072-1

SUSE-SU-2018:1874-1

SUSE-SU-2018_1874-1

SUSE-SU-2022:14910-1

SUSE-SU-2022_14910-1

USN-3608-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Zsh

PT-2017-4060 · Zsh+5 · Zsh+5

CVE-2018-1071

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 119