Subject: [ASA-201804-7] zsh: denial of service Arch Linux Security Advisory ASA-201804-7 ========================================= Severity: Medium Date : 2018-04-19 CVE-ID : CVE-2018-7548 CVE-2018-7549 Package : zsh Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-642 Summary ======= The package zsh before version 5.5-1 is vulnerable to denial of service. Resolution ========== Upgrade to 5.5-1. # pacman -Syu "zsh>=5.5-1" The problems have been fixed upstream in version 5.5. Workaround ========== None. Description =========== - CVE-2018-7548 (denial of service) In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. - CVE-2018-7549 (denial of service) In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. Impact ====== A local attacker can cause a denial of service via a specially input. References ========== https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102 https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd https://security.archlinux.org/CVE-2018-7548 https://security.archlinux.org/CVE-2018-7549