RSS   Podatności dla 'ZSH'   RSS

2018-02-27
 
CVE-2018-7549

CWE-20
 

 
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.

 
 
CVE-2018-7548

CWE-476
 

 
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.

 
 
CVE-2014-10070

CWE-264
 

 
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.

 


Copyright 2024, cxsecurity.com

 

Back to Top