Multiple vulnerabilities in SourceForge zsh

Published: 2018-03-07 14:55:26
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
CVE ID: CVE-2017-18206, CVE-2018-7549, CVE-2018-7548
CVSSv3:
3.5 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.5 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID: CWE-120, CWE-20, CWE-476
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: zsh
Vulnerable software versions: zsh 5.0.0, zsh 5.0.1, zsh 5.0.2


Vendor URL: SourceForge

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the utils.c source code file due to insufficient checks on buffer lengths during symlink expansion. A local attacker can supply specially crafted input, trigger memory corruption and cause zsh to crash.
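The length checks that this class of bug (CWE-120 during symlink expansion) depends on, as an added example that is not zsh's code and is not taken from the linked commit. The helper name `expand_last_symlink`, the buffer sizes and the sample link path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not zsh code: replace the last component of `path`
 * with its symlink target, into out[outsz]. Returns 0, or -1 with errno set. */
int expand_last_symlink(const char *path, char *out, size_t outsz)
{
    char target[PATH_MAX];
    ssize_t n = readlink(path, target, sizeof target);
    if (n < 0)
        return -1;                        /* not a symlink, or unreadable */
    if ((size_t)n >= sizeof target) {     /* readlink() truncates silently */
        errno = ENAMETOOLONG;
        return -1;
    }
    target[n] = '\0';                     /* readlink() does not terminate */
    size_t dirlen = 0;                    /* bytes of "dir/" kept from path */
    if (target[0] != '/') {               /* relative target */
        const char *slash = strrchr(path, '/');
        dirlen = slash ? (size_t)(slash - path) + 1 : 0;
    }
    /* The step an unchecked expansion skips: combined length vs. capacity. */
    if (outsz == 0 || dirlen + (size_t)n + 1 > outsz) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, path, dirlen);
    memcpy(out + dirlen, target, (size_t)n + 1);   /* includes the NUL */
    return 0;
}

int main(void)
{
    const char *lnk = "/tmp/demo_symlink";         /* constructed sample */
    char out[64];
    unlink(lnk);
    if (symlink("some/relative/target", lnk) != 0)
        return 1;
    int rc = expand_last_symlink(lnk, out, sizeof out);
    unlink(lnk);
    printf("%s\n", rc == 0 ? out : "(rejected)");
    return rc != 0;
}
```

Both the silent truncation by `readlink()` and the combined directory-plus-target length are rejected with `ENAMETOOLONG` instead of being copied into the destination.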

Remediation

Update to version 5.4.

External links

https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d/

2) Improper input validation

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the params.c source code file due to improper handling of hash tables. A local attacker can trigger a copy of an empty hash table with the typeset -p command and cause zsh to crash.

Remediation

Install update from vendor's website.

External links

https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd/

3) NULL pointer dereference

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the subst.c source code file due to a NULL pointer dereference. A local attacker can use a ${(PA)...} expansion on an empty array result, trigger a NULL pointer dereference condition and cause zsh to crash.

Remediation

Install update from vendor's website.

External links

https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
