Multiple vulnerabilities in SourceForge zsh

Published: 2018-03-07 14:55:26
Severity Low
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2017-18206
CVE-2018-7549
CVE-2018-7548
CVSSv3 3.5 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.5 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID CWE-120
CWE-20
CWE-476
Exploitation vector Local
Public exploit Not available
Vulnerable software zsh
Vulnerable software versions zsh 5.0.0
zsh 5.0.1
zsh 5.0.2
Show more
Vendor URL SourceForge

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the utils.c source code file due to insufficient checks on buffer lengths for symlink expansion. A local attacker can send specially crafted input, trigger memory corruption and cause the service to crash.

Remediation

Update to version 5.4.

External links

https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d/

2) Improper input validation

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the params.c source code file due to improper handling of hash tables. A local attacker can copy an empty hash table with the typeset -p command and cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd/

3) NULL pointer dereference

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the subst.c source code file due to a NULL pointer dereference. A local attacker can implement ${(PA)...} characters on an empty array result, trigger a NULL pointer dereference condition and cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102

Back to List