Vulnerabilities (CVE)

Vendor filter

Zsh Subscribe

Product filter

Zsh Subscribe

Filter

8 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1100 3 Zsh, Canonical, Redhat 5 Zsh, Ubuntu Linux, Enterprise Linux Desktop and 2 more 2019-10-09 7.2
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
CVE-2018-1083 4 Zsh, Canonical, Debian and 1 more 7 Zsh, Ubuntu Linux, Debian Linux and 4 more 2019-10-09 7.2
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries...
CVE-2018-1071 4 Zsh, Canonical, Debian and 1 more 6 Zsh, Ubuntu Linux, Debian Linux and 3 more 2019-10-09 2.1
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
CVE-2018-13259 2 Canonical, Zsh 2 Ubuntu Linux, Zsh 2019-08-06 7.5
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
CVE-2014-10071 2 Zsh, Canonical 2 Zsh, Ubuntu Linux 2019-06-11 7.5
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
CVE-2018-7548 3 Zsh Project, Canonical, Zsh 3 Zsh, Ubuntu Linux, Zsh 2019-03-05 7.5
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
CVE-2018-7549 4 Zsh Project, Canonical, Redhat and 1 more 6 Zsh, Ubuntu Linux, Enterprise Linux Desktop and 3 more 2019-03-04 5.0
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
CVE-2007-6209 1 Zsh 1 Zsh 2017-07-29 4.6
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.