CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
zsh_projectzsh
𝑥
≤ 5.0.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zsh
bullseye (security)
5.8-6+deb11u1
fixed
bullseye
5.8-6+deb11u1
fixed
bookworm
5.9-4
fixed
sid
5.9-8
fixed
trixie
5.9-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zsh
artful
Fixed 5.2-5ubuntu1.1
released
xenial
not-affected
trusty
Fixed 5.0.2-3ubuntu6.1
released
Common Weakness Enumeration
References
http://zsh.sourceforge.net/releases.html
https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
https://usn.ubuntu.com/3593-1/
http://zsh.sourceforge.net/releases.html
https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
https://usn.ubuntu.com/3593-1/