CVE-2021-45444
Published on: Not Yet Published
Last Modified on: 09/30/2022 02:37:00 AM UTC
Certain versions of Macos from Apple contain the following vulnerability:
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
- CVE-2021-45444 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | LOW | NONE | REQUIRED |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 5.1 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | HIGH | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | PARTIAL | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| About the security content of macOS Big Sur 11.6.6 - Apple Support | support.apple.com text/html |
CONFIRM support.apple.com/kb/HT213256 |
| Full Disclosure: APPLE-SA-2022-05-16-2 macOS Monterey 12.4 | seclists.org text/html |
FULLDISC 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4 |
| About the security content of macOS Monterey 12.4 - Apple Support | support.apple.com text/html |
CONFIRM support.apple.com/kb/HT213257 |
| ZSH - Release Notes | zsh.sourceforge.io text/html |
MISC zsh.sourceforge.io/releases.html |
| About the security content of Security Update 2022-004 Catalina - Apple Support | support.apple.com text/html |
CONFIRM support.apple.com/kb/HT213255 |
| [SECURITY] [DLA 2926-1] zsh security update | Mailing List Third Party Advisory lists.debian.org text/html |
MLIST [debian-lts-announce] 20220218 [SECURITY] [DLA 2926-1] zsh security update |
| Advisory #63 - RyotaK's Vuln DB | vuln.ryotak.me text/html |
MISC vuln.ryotak.me/advisories/63 |
| [SECURITY] Fedora 34 Update: zsh-5.8.1-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2022-0a06987c3c |
| [SECURITY] Fedora 35 Update: zsh-5.8.1-1.fc35 - package-announce - Fedora Mailing-Lists | Mailing List Third Party Advisory lists.fedoraproject.org text/html |
FEDORA FEDORA-2022-adf0c6d196 |
| Full Disclosure: APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 | seclists.org text/html |
FULLDISC 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 |
| Debian -- Security Information -- DSA-5078-1 zsh | Third Party Advisory www.debian.org Depreciated Link text/html |
DEBIAN DSA-5078 |
| Full Disclosure: APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina | seclists.org text/html |
FULLDISC 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina |
Related QID Numbers
- 159816 Oracle Enterprise Linux Security Update for zsh (ELSA-2022-2120)
- 179082 Debian Security Update for zsh (DSA 5078-1)
- 179087 Debian Security Update for zsh (DLA 2926-1)
- 198699 Ubuntu Security Notification for Zsh Vulnerabilities (USN-5325-1)
- 240283 Red Hat Update for zsh (RHSA-2022:2120)
- 282390 Fedora Security Update for zsh (FEDORA-2022-adf0c6d196)
- 282417 Fedora Security Update for zsh (FEDORA-2022-0a06987c3c)
- 296063 Oracle Solaris 11.4 Support Repository Update (SRU) 45.119.2 Missing (CPUAPR2022)
- 353180 Amazon Linux Security Advisory for zsh : ALAS2-2022-1757
- 354358 Amazon Linux Security Advisory for zsh : ALAS2022-2022-180
- 354424 Amazon Linux Security Advisory for zsh : ALAS2022-2022-117
- 354494 Amazon Linux Security Advisory for zsh : ALAS2022-2022-034
- 376607 Apple macOS Security Update 2022-004 Catalina (HT213255)
- 376608 Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)
- 376612 Apple macOS Monterey 12.4 Not Installed (HT213257)
- 500834 Alpine Linux Security Update for zsh
- 671546 EulerOS Security Update for zsh (EulerOS-SA-2022-1594)
- 671708 EulerOS Security Update for zsh (EulerOS-SA-2022-1778)
- 690791 Free Berkeley Software Distribution (FreeBSD) Security Update for zsh (d923fb0c-8c2f-11ec-aa85-0800270512f4)
- 751797 SUSE Enterprise Linux Security Update for zsh (SUSE-SU-2022:0732-1)
- 751799 SUSE Enterprise Linux Security Update for zsh (SUSE-SU-2022:0733-1)
- 751806 SUSE Enterprise Linux Security Update for zsh (SUSE-SU-2022:0735-1)
- 751807 OpenSUSE Security Update for zsh (openSUSE-SU-2022:0735-1)
- 900674 Common Base Linux Mariner (CBL-Mariner) Security Update for zsh (8573)
- 901957 Common Base Linux Mariner (CBL-Mariner) Security Update for zsh (8586)
- 902118 Common Base Linux Mariner (CBL-Mariner) Security Update for zsh (8586-1)
- 940493 AlmaLinux Security Update for zsh (ALSA-2022:2120)
- 960224 Rocky Linux Security Update for zsh (RLSA-2022:2120)
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Macos | All | All | All | All |
| Operating System | Apple | Mac Os X | All | All | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2020 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2020-001 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2020-005 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2020-007 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-001 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-002 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-003 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-006 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-007 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2021-008 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2022-001 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2022-002 | All | All |
| Operating System | Apple | Mac Os X | 10.15.7 | security_update_2022-003 | All | All |
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Application | Zsh | Zsh | All | All | All | All |
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*:
- cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
- cpe:2.3:a:zsh:zsh:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @termoshtt |
ZSH - Release Notes zsh.sourceforge.io/releases.html CVE-2021-45444の修正を含むzsh 5.8.1リリース(´・ω・`) | 2022-02-12 16:33:33 |
| @ryotkak |
Zshに脆弱性を報告しました。 (CVE-2021-45444) 5.8.1より前のバージョンのZshは特定のプロンプト設定を使用している場合、プロンプト内のコマンドの出力結果を再帰的に解析します。 これにより、悪意ある文字列を出… twitter.com/i/web/status/1… | 2022-02-12 23:57:22 |
| @ipssignatures |
The vuln CVE-2021-45444 has a tweet created 0 days ago and retweeted 20 times. twitter.com/ryotkak/status… #pow1rtrtwwcve | 2022-02-13 02:06:00 |
| @CVEreport |
CVE-2021-45444 : In zsh before 5.8.1, an attacker can achieve code execution if they control a command output insid… twitter.com/i/web/status/1… | 2022-02-13 06:05:59 |
| @ipssignatures |
The vuln CVE-2021-45444 has a tweet created 0 days ago and retweeted 101 times. twitter.com/ryotkak/status… #pow2rtrtwwcve | 2022-02-13 18:06:00 |
| @MarcCornella |
⚠️ Zsh vulnerability: CVE-2021-45444 [1] allows command injection on some prompt sequences. Safe versions: - zsh… twitter.com/i/web/status/1… | 2022-02-14 10:39:29 |
 /r/netcve |
CVE-2021-45444 | 2022-02-13 06:38:35 |
| /r/k12cybersecurity |
MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-05-17 13:11:14 |
| /r/k12cybersecurity |
UPDATED MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution - PATCH: NOW | 2022-05-18 14:59:44 |