PT-2017-4059 · Zsh+5

Richard Maciel Costa · Published 2017-12-04 · Updated 2024-06-15 · CVE-2018-1100

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

zsh versions 5.4.2 and earlier

Description

The issue is related to a stack-based buffer overflow in the checkmailpath function, located in utils.c. This could allow a local attacker to execute arbitrary code in the context of another user, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service.

Recommendations

For zsh versions 5.4.2 and earlier, consider disabling the checkmailpath function as a temporary workaround until a patch is available. Restrict access to sensitive data and ensure proper user privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2144
BDU:2021-01390
CESA-2018_1932
CESA-2018_3073
CVE-2018-1100
DLA-2470-1
OPENSUSE-SU-2018_1893-1
OPENSUSE-SU-2018_2966-1
OPENSUSE-SU-2024:11543-1
RHSA-2018:1932
RHSA-2018:3073
RHSA-2018_1932
RHSA-2018_3073
SUSE-SU-2018:1037-1
SUSE-SU-2018:1874-1
SUSE-SU-2018_1037-1
SUSE-SU-2022:0733-1
SUSE-SU-2022_0733-1
USN-3764-1

Affected Products

ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
Zsh