PT-2017-4060 · Zsh+5 · Zsh+5

Richard Maciel Costa

Published

2017-12-04

Updated

2024-06-15

CVE-2018-1071

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions zsh versions 5.4.2 and earlier

Description The issue is related to a stack-based buffer overflow in the exec.c:hashcmd() function. This could allow a local attacker to cause a denial of service. The vulnerability is associated with the hashcmd() function in the exec.c file, which can lead to a buffer overflow, resulting in a denial of service.

Recommendations For zsh versions 5.4.2 and earlier, consider updating to a version later than 5.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the hashcmd() function in the exec.c file to minimize the risk of exploitation.

Fix

DoS

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

ALT-PU-2018-2144

BDU:2021-01392

CESA-2018_3073

CVE-2018-1071

DLA-1335-1

DLA-2470-1

MGASA-2018-0206

OPENSUSE-SU-2018_1093-1

OPENSUSE-SU-2018_1893-1

OPENSUSE-SU-2018_2966-1

OPENSUSE-SU-2024:11543-1

RHSA-2018:3073

RHSA-2018_3073

SUSE-SU-2018:1072-1

SUSE-SU-2018:1874-1

SUSE-SU-2018_1874-1

SUSE-SU-2022:14910-1

SUSE-SU-2022_14910-1

USN-3608-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Zsh

PT-2017-4060 · Zsh+5 · Zsh+5

CVE-2018-1071

Weakness Enumeration

Related Identifiers

Affected Products

References · 119