CVE-2014-10070

EUVD-2014-1137
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Affected Products (NVD)
VendorProductVersion
zsh_projectzsh
𝑥
≤ 5.0.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zsh
bookworm
5.9-4
fixed
bullseye
5.8-6+deb11u1
fixed
bullseye (security)
5.8-6+deb11u1
fixed
sid
5.9-8
fixed
trixie
5.9-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zsh
artful
Fixed 5.2-5ubuntu1.1
released
trusty
Fixed 5.0.2-3ubuntu6.1
released
xenial
not-affected
Common Weakness Enumeration
References
http://zsh.sourceforge.net/releases.html
https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
https://usn.ubuntu.com/3593-1/
http://zsh.sourceforge.net/releases.html
https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
https://usn.ubuntu.com/3593-1/