PT-2018-6734 · Zsh+5 · Zsh+5

Peter Stephenson

Published

2017-09-04

Updated

2022-03-14

CVE-2017-18205

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: zsh versions prior to 5.4

Description: The issue occurs in sh compatibility mode when processing the cd command without an argument if the HOME variable is not set, resulting in a NULL pointer dereference.

Recommendations: For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider setting the HOME variable before using the cd command in sh compatibility mode.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2017-2148

CESA-2018_3073

CVE-2017-18205

MGASA-2018-0168

OPENSUSE-SU-2018_1093-1

RHSA-2018:3073

RHSA-2018_3073

SUSE-SU-2018:1072-1

SUSE-SU-2022:14910-1

SUSE-SU-2022_14910-1

USN-3593-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Zsh

PT-2018-6734 · Zsh+5 · Zsh+5

CVE-2017-18205

Weakness Enumeration

Related Identifiers

Affected Products

References · 52