CVE-2018-1071

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
zshzsh
𝑥
≤ 5.4.2
debiandebian_linux
7.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zsh
bullseye (security)
5.8-6+deb11u1
fixed
bullseye
5.8-6+deb11u1
fixed
jessie
no-dsa
bookworm
5.9-4
fixed
sid
5.9-8
fixed
trixie
5.9-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zsh
artful
Fixed 5.2-5ubuntu1.2
released
xenial
Fixed 5.1.1-1ubuntu2.2
released
trusty
Fixed 5.0.2-3ubuntu6.2
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103359
https://access.redhat.com/errata/RHSA-2018:3073
https://bugzilla.redhat.com/show_bug.cgi?id=1553531
https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
https://security.gentoo.org/glsa/201805-10
https://usn.ubuntu.com/3608-1/
http://www.securityfocus.com/bid/103359
https://access.redhat.com/errata/RHSA-2018:3073
https://bugzilla.redhat.com/show_bug.cgi?id=1553531
https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
https://security.gentoo.org/glsa/201805-10
https://usn.ubuntu.com/3608-1/