Lucene search

K

Veracode Vulnerability DatabaseVERACODE:19365

HistoryMay 16, 2019 - 3:01 a.m.

Arbitrary Code Execution

2019-05-1603:01:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

EPSS

0.001

Percentile

35.9%

Zsh is vulnerable to arbitrary code execution. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the before mentioned path.

References

www.securityfocus.com/bid/103572

access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html

access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html

access.redhat.com/errata/RHSA-2018:1932

access.redhat.com/errata/RHSA-2018:3073

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1557382

lists.debian.org/debian-lts-announce/2018/03/msg00038.html

lists.debian.org/debian-lts-announce/2020/12/msg00000.html

security.gentoo.org/glsa/201805-10

sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7

usn.ubuntu.com/3608-1/

EPSS

0.001

Percentile

35.9%

Related for VERACODE:19365

alpinelinux1 nessus32 cvelist1 debiancve1 prion1 openvas15 osv3 cve1 redhatcve1 ubuntucve1 nvd1 debian2 mageia1 ubuntu1 suse4 amazon2 fedora3 redhat2 oraclelinux2 centos2 gentoo1 slackware1 photon2