Known Vulnerabilities for products from Zsh
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Zsh".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2019-20044 | In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails ... | 7.8 - HIGH | 2020-02-24 | 2023-11-07 |
| CVE-2018-13259 | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an ex... | 9.8 - CRITICAL | 2018-09-05 | 2020-12-01 |
| CVE-2018-7549 | In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | 7.5 - HIGH | 2018-02-27 | 2019-03-04 |
| CVE-2018-7548 | In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. | 9.8 - CRITICAL | 2018-02-27 | 2019-03-05 |
| CVE-2018-1100 | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attac... | 7.8 - HIGH | 2018-04-11 | 2023-11-07 |
| CVE-2018-1083 | Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivile... | 7.8 - HIGH | 2018-03-28 | 2023-11-07 |
| CVE-2018-1071 | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker c... | 5.5 - MEDIUM | 2018-03-09 | 2023-02-12 |
| CVE-2018-0502 | An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve... | 9.8 - CRITICAL | 2018-09-05 | 2020-12-01 |
| CVE-2017-18206 | In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | 9.8 - CRITICAL | 2018-02-27 | 2020-12-01 |
| CVE-2016-10714 | In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | 9.8 - CRITICAL | 2018-02-27 | 2019-06-11 |
| CVE-2014-10071 | In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. | 9.8 - CRITICAL | 2018-02-27 | 2019-06-11 |
| CVE-2007-6209 | Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 - MEDIUM | 2007-12-04 | 2017-07-29 |
Known software with vulnerabilities from Zsh
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zsh | Zsh | 3.1.5 |