CVE-2018-0502
Summary
| CVE | CVE-2018-0502 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2018-09-05 08:29:00 UTC |
|---|
| Updated | 2020-12-01 07:15:00 UTC |
|---|
| Description | An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| USN-3764-1: Zsh vulnerabilities | Ubuntu security notices |
UBUNTU |
usn.ubuntu.com |
Third Party Advisory |
| #908000 - zsh: CVE-2018-0502 + CVE-2018-13259: Two security bugs in shebang line parsing - Debian Bug report logs |
MISC |
bugs.debian.org |
Mailing List, Patch, Third Party Advisory |
| [SECURITY] [DLA 2470-1] zsh security update |
MLIST |
lists.debian.org |
|
| Zsh: User-assisted execution of arbitrary code (GLSA 201903-02) — Gentoo security |
GENTOO |
security.gentoo.org |
Third Party Advisory |
| zsh / Code / Commit [1c4c7b] |
MISC |
sourceforge.net |
Patch, Third Party Advisory |
| www.zsh.org/mla/zsh-announce/136 |
MISC |
www.zsh.org |
Mailing List, Vendor Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710196 Gentoo Linux Zsh User-assisted execution of arbitrary code Vulnerability (GLSA 201903-02)
- 751638 SUSE Enterprise Linux Security Update for zsh (SUSE-SU-2022:0161-1)
- 753235 SUSE Enterprise Linux Security Update for zsh (SUSE-SU-2022:14910-1)
