Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1083

Опубликовано: 28 мар. 2018
Источник: nvd
CVSS3: 7.8
CVSS2: 7.2
EPSS Низкий

Описание

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:zsh:zsh:*:*:*:*:*:*:*:*
Версия до 5.4.1 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.00071
Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-120
CWE-119

Связанные уязвимости

ubuntu логотип

CVE-2018-1083

CVSS3: 7.8
ubuntu
больше 7 лет назад

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

redhat логотип

CVE-2018-1083

CVSS3: 7.5
redhat
больше 7 лет назад

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

debian логотип

CVE-2018-1083

CVSS3: 7.8
debian
больше 7 лет назад

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...

github логотип

GHSA-pqpc-3fmx-3wqw

CVSS3: 7.8
github
больше 3 лет назад

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

fstec логотип

BDU:2021-01452

CVSS3: 7.8
fstec
около 8 лет назад

Уязвимость функции автозаполнения оболочки командной оболочки UNIX Zsh, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 22%
0.00071
Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-120
CWE-119