Known Vulnerabilities for products from Zsh
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Zsh".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-45444 json | In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrat... | 7.8 - HIGH | 2022-02-14 | 2023-11-07 |
| CVE-2019-20044 json | In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails ... | 7.8 - HIGH | 2020-02-24 | 2023-11-07 |
| CVE-2018-13259 json | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an ex... | 9.8 - CRITICAL | 2018-09-05 | 2020-12-01 |
| CVE-2018-7549 json | In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | 7.5 - HIGH | 2018-02-27 | 2019-03-04 |
| CVE-2018-7548 json | In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. | 9.8 - CRITICAL | 2018-02-27 | 2019-03-05 |
| CVE-2018-1100 json | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attac... | 7.8 - HIGH | 2018-04-11 | 2023-11-07 |
| CVE-2018-1083 json | Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivile... | 7.8 - HIGH | 2018-03-28 | 2023-11-07 |
| CVE-2018-1071 json | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker c... | 5.5 - MEDIUM | 2018-03-09 | 2023-02-12 |
| CVE-2018-0502 json | An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve... | 9.8 - CRITICAL | 2018-09-05 | 2020-12-01 |
| CVE-2017-18206 json | In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | 9.8 - CRITICAL | 2018-02-27 | 2020-12-01 |
| CVE-2016-10714 json | In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | 9.8 - CRITICAL | 2018-02-27 | 2019-06-11 |
| CVE-2014-10071 json | In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. | 9.8 - CRITICAL | 2018-02-27 | 2019-06-11 |
| CVE-2007-6209 json | Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 - MEDIUM | 2007-12-04 | 2017-07-29 |
Known software with vulnerabilities from Zsh
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zsh | Zsh | 3.1.5 |