CVE-2021-45444

Summary

CVE	CVE-2021-45444
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-14 12:15:00 UTC
Updated	2023-11-07 03:39:00 UTC
Description	In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Macos	All	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020-001	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020-005	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020-007	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-001	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-002	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-003	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-006	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-007	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-008	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2022-001	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2022-002	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2022-003	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Application	Zsh	Zsh	All	All	All	All

References

Reference	Source	Link	Tags
About the security content of macOS Big Sur 11.6.6 - Apple Support	CONFIRM	support.apple.com
Full Disclosure: APPLE-SA-2022-05-16-2 macOS Monterey 12.4	FULLDISC	seclists.org
About the security content of macOS Monterey 12.4 - Apple Support	CONFIRM	support.apple.com
[SECURITY] Fedora 34 Update: zsh-5.8.1-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
ZSH - Release Notes	MISC	zsh.sourceforge.io
About the security content of Security Update 2022-004 Catalina - Apple Support	CONFIRM	support.apple.com
[SECURITY] [DLA 2926-1] zsh security update	MLIST	lists.debian.org	Mailing List, Third Party Advisory
Advisory #63 - RyotaK's Vuln DB	MISC	vuln.ryotak.me
[SECURITY] Fedora 34 Update: zsh-5.8.1-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: zsh-5.8.1-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
[SECURITY] Fedora 35 Update: zsh-5.8.1-1.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Full Disclosure: APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6	FULLDISC	seclists.org
Debian -- Security Information -- DSA-5078-1 zsh	DEBIAN	www.debian.org	Third Party Advisory
Full Disclosure: APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina	FULLDISC	seclists.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159816 Oracle Enterprise Linux Security Update for zsh (ELSA-2022-2120)
179082 Debian Security Update for zsh (DSA 5078-1)
179087 Debian Security Update for zsh (DLA 2926-1)
184075 Debian Security Update for zsh (CVE-2021-45444)
198699 Ubuntu Security Notification for Zsh Vulnerabilities (USN-5325-1)
240283 Red Hat Update for zsh (RHSA-2022:2120)
282390 Fedora Security Update for zsh (FEDORA-2022-adf0c6d196)
282417 Fedora Security Update for zsh (FEDORA-2022-0a06987c3c)
296063 Oracle Solaris 11.4 Support Repository Update (SRU) 45.119.2 Missing (CPUAPR2022)
353180 Amazon Linux Security Advisory for zsh : ALAS2-2022-1757
354358 Amazon Linux Security Advisory for zsh : ALAS2022-2022-180
354424 Amazon Linux Security Advisory for zsh : ALAS2022-2022-117
354494 Amazon Linux Security Advisory for zsh : ALAS2022-2022-034
355236 Amazon Linux Security Advisory for zsh : ALAS2023-2023-035
376607 Apple macOS Security Update 2022-004 Catalina (HT213255)
376608 Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)
376612 Apple macOS Monterey 12.4 Not Installed (HT213257)
500834 Alpine Linux Security Update for zsh
504571 Alpine Linux Security Update for zsh
671546 EulerOS Security Update for zsh (EulerOS-SA-2022-1594)
671708 EulerOS Security Update for zsh (EulerOS-SA-2022-1778)
690791 Free Berkeley Software Distribution (FreeBSD) Security Update for zsh (d923fb0c-8c2f-11ec-aa85-0800270512f4)
751797 SUSE Enterprise Linux Security Update for zsh (SUSE-SU-2022:0732-1)
751799 SUSE Enterprise Linux Security Update for zsh (SUSE-SU-2022:0733-1)
751806 SUSE Enterprise Linux Security Update for zsh (SUSE-SU-2022:0735-1)
751807 OpenSUSE Security Update for zsh (openSUSE-SU-2022:0735-1)
900674 Common Base Linux Mariner (CBL-Mariner) Security Update for zsh (8573)
901957 Common Base Linux Mariner (CBL-Mariner) Security Update for zsh (8586)
902118 Common Base Linux Mariner (CBL-Mariner) Security Update for zsh (8586-1)
940493 AlmaLinux Security Update for zsh (ALSA-2022:2120)
960224 Rocky Linux Security Update for zsh (RLSA-2022:2120)