Description: A very advanced and programmable command interpreter (shell) for UNIX
Version: 5.5.1-2 [extra]


| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-669 | 5.4.2-2 | 5.5-1 | High | Fixed | |
| AVG-652 | 5.4.2-1 | 5.5-1 | Low | Fixed | |
| AVG-642 | 5.4.2-2 | 5.5-1 | Medium | Fixed | |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-7549 | AVG-642 | Medium | No | Denial of service | In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. |
| CVE-2018-7548 | AVG-642 | Medium | No | Denial of service | In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. |
| CVE-2018-1100 | AVG-669 | High | No | Arbitrary code execution | A stack-based buffer overflow has been found in zsh <= 5.4.2, in the checkmailpath() function, where unchecked strings from the MAILCHECK variable are... |
| CVE-2018-1071 | AVG-652 | Low | No | Denial of service | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a... |


| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 19 Apr 2018 | ASA-201804-7 | AVG-642 | Medium | denial of service |
| 11 Apr 2018 | ASA-201804-5 | AVG-669 | High | arbitrary code execution |