16 matches found
CentOS 9 : zsh-5.8-9.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the zsh-5.8-9.el9 build changelog. - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This...
Amazon Linux 2023 : zsh, zsh-html (ALAS2023-2023-035)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-035 advisory. A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by ...
Amazon Linux 2022 : zsh, zsh-html (ALAS2022-2022-117)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-117 advisory. A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by ...
EulerOS 2.0 SP3 : zsh (EulerOS-SA-2022-1778)
According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. Th...
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2022-1594)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : zsh (EulerOS-SA-2022-1594)
According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. Th...
CLSA-2022-1648567705 Fix of CVE: CVE-2021-45444
CVE-2021-45444: do not expand PROMPTSUBST within argument of prompt-expansion sequences such as file.file to avoid arbitrary code execution...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Zsh vulnerabilities (USN-5325-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5325-1 advisory. Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped...
ROS-20220225-03
A vulnerability in the zsh shell is related to improper neutralization of special elements used in OS commands during recursive PROMPTSUBST expansion when processing malicious output. Exploitation of the vulnerability could allow an attacker acting remotely to enter and execute arbitrary commands on the...
CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
Design/Logic Flaw
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
CVE-2021-45444
A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPTSUBST expansion...
CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
CVE-2021-45444
CVE-2021-45444 affects zsh up to version 5.8.0, where an attacker-controlled command output inside the prompt can trigger code execution due to recursive PROMPT_SUBST expansion (notably via a %F argument). Connected advisories confirm the issue in zsh and state the fix as upgrading to zsh 5.8.1. ...
CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
FreeBSD : zsh -- Arbitrary command execution vulnerability (d923fb0c-8c2f-11ec-aa85-0800270512f4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d923fb0c-8c2f-11ec-aa85-0800270512f4 advisory. - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside t...