#VU10855 Buffer overflow in zsh - CVE-2017-18206
Published: March 7, 2018 / Updated: March 7, 2018
Vulnerability identifier: #VU10855
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-18206
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
zsh
zsh
Software vendor:
SourceForge
SourceForge
Description
The vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the utils.c source code file due to insufficient checks on buffer lengths for symlink expansion. A local attacker can send specially crafted input, trigger memory corruption and cause the service to crash.
The weakness exists in the utils.c source code file due to insufficient checks on buffer lengths for symlink expansion. A local attacker can send specially crafted input, trigger memory corruption and cause the service to crash.
Remediation
Update to version 5.4.