Buffer overflow in zsh - CVE-2017-18206
Published: March 7, 2018 / Updated: March 7, 2018
Vulnerability identifier: #VU10855
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18206
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: SourceForge
Affected software:
zsh
zsh
Detailed vulnerability description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the utils.c source code file due to insufficient checks on buffer lengths for symlink expansion. A local attacker can send specially crafted input, trigger memory corruption and cause the service to crash.
The weakness exists in the utils.c source code file due to insufficient checks on buffer lengths for symlink expansion. A local attacker can send specially crafted input, trigger memory corruption and cause the service to crash.
How to mitigate CVE-2017-18206
Update to version 5.4.