The vulnerability of the zsh shell’s command interface, related to the failure to take measures to neutralize special elements, allows a hacker to execute arbitrary commands.
The vulnerability of the zsh shell lies in the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Zsh OS command injection vulnerability
Zsh is a command interpreter that can be used as a shell for interactive login and scripting. A security vulnerability exists in Zsh that stems from recursive PROMPT_SUBST expansion. In zsh before 5.8.1, an attacker can achieve code execution by controlling the output of commands within the...
The vulnerability of the UNIX command shell Zsh operating systems and Mac OS allows attackers to compromise the integrity of protected information.
The vulnerability of the UNIX command shell Zsh operating systems and Mac OS lies in the improper assignment of permissions to files. Exploiting this vulnerability can allow an attacker to compromise the integrity of protected information...
A vulnerability in the utils.c:checkmailpath function of the UNIX shell Zsh involves allowing an operation to exceed the permissible data buffer size. This allows a malicious actor to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the utils.c:checkmailpath function of the UNIX shell Zsh involves allowing operations beyond the data buffer's allowed limits. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the UNIX command-line shell script processor Zsh, related to the lack of input validation mechanisms, allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the UNIX command-line shell script processor Zsh is related to the improper handling of scripts containing !. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the setuid function in the UNIX command shell Zsh allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.
The vulnerability of the setuid function in the UNIX command shell Zsh is related to incorrect reallocation of the user ID. Exploitation of this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...
zsh: NULL dereference in cd in sh compatibility mode under given circumstances
A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell...
zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
A buffer overflow flaw was found in the zsh shell auto-complete functionality. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the aforementioned path. If the user affect...
zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user...
zsh utils.c:checkmailpath function stack buffer overflow vulnerability
Z Shell Zsh is a Unix shell that can be used as an interactive login shell and a shell script command interpreter. A stack buffer overflow vulnerability exists in the utils.c:checkmailpath function in zsh. A local attacker can exploit this vulnerability to execute arbitrary code in the context of...
UBUNTU-CVE-2018-1100
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user...
Debian DLA-1335-1 : zsh security update
Two security vulnerabilities were discovered in the Z shell. CVE-2018-1071 Stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service. CVE-2018-1083 Buffer overflow in the shell autocomplete functionality. A local unprivileged user...
UBUNTU-CVE-2018-1083
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mention...
zsh null pointer dereference vulnerability
zsh is an interactive command interpreter and command programming language used on Linux systems. A security vulnerability exists in the subst.c file in zsh 5.4.2 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service (null pointer dereference)...
DEBIAN-CVE-2014-10071
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax...
DEBIAN-CVE-2016-10714
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters...
DEBIAN-CVE-2018-7549
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p...
UBUNTU-CVE-2017-18206
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow...
PT-2017-4092
Name of the Vulnerable Software and Affected Versions: zsh versions prior to 5.6 Description: The issue is related to the incorrect handling of a script containing !. This could potentially allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of servic...