History: Jul 02, 2021 - 6:22 p.m.

Advisory ROSA-SA-2021-2005

2021-07-02 18:22:15
ROSA LAB
abf.rosalinux.ru

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.8 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.009 Low
Percentile: 82.7%

Software: zsh 5.0.2
OS: Cobalt 7.9

CVE-ID: CVE-2014-10070
CVE-Crit: HIGH
CVE-DESC: zsh before 5.0.7 allows the initial values of integer variables imported from the environment to be evaluated (instead of treating them as literal numbers). This may allow local privilege escalation under some specific and atypical conditions when zsh is invoked in the context of privilege escalation when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where env_reset is disabled.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-10714
CVE-Crit: CRITICAL
CVE-DESC: In zsh prior to version 5.3, a single bug caused buffers intended to support PATH_MAX characters to be reduced in size.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-0502
CVE-Crit: CRITICAL
CVE-DESC: A problem was found in zsh before version 5.6. The start of a #! script file was mishandled, which could cause execve to be called for the program named in the second line.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2018-7548
CVE-Crit: CRITICAL
CVE-DESC: In subst.c in zsh before 5.4.2, a null pointer is dereferenced when using ${(PA)…} for an empty array result.
CVE-STATUS: default
CVE-REV: default

OS      Version  Architecture  Package  Version  Filename
Cobalt  any      noarch        zsh      < 5.0.2  UNKNOWN
