CVE-2014-10070

Name of the Vulnerable Software and Affected Versions zsh versions prior to 5.0.7

Description The issue allows evaluation of the initial values of integer variables imported from the environment, instead of treating them as literal numbers. This could allow local privilege escalation under specific conditions where zsh is invoked in privilege-elevation contexts and the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env reset" has been disabled.

Recommendations For versions prior to 5.0.7, update to version 5.0.7 or later to resolve the issue. As a temporary workaround, consider disabling the invocation of zsh by sudo or ensure that "env reset" is enabled to minimize the risk of exploitation.