CVE-2014-10072

Опубликовано: 20 янв. 2014

Источник: redhat

CVSS3: 5

EPSS Низкий

Описание

In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.

A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do symbolic link resolution in the aforementioned path. An attacker could exploit this vulnerability to cause a denial of service condition on the target.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	zsh	Will not fix
Red Hat Enterprise Linux 8	zsh	Not affected
Red Hat Enterprise Linux 6	zsh	Fixed	RHSA-2018:1932	19.06.2018
Red Hat Enterprise Linux 7	zsh	Fixed	RHSA-2018:3073	30.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=1549836zsh: buffer overflow when scanning very long directory paths for symbolic links

EPSS

Процентиль: 60%

0.00402

Низкий

5 Medium

CVSS3

Связанные уязвимости

CVE-2014-10072

CVSS3: 9.8

ubuntu

больше 7 лет назад

In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.

CVE-2014-10072

CVSS3: 9.8

nvd

больше 7 лет назад

In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.

CVE-2014-10072

CVSS3: 9.8

debian

больше 7 лет назад

In utils.c in zsh before 5.0.6, there is a buffer overflow when scanni ...

GHSA-qgqf-33rj-w264

CVSS3: 9.8

github

больше 3 лет назад

In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.

ELSA-2018-1932

oracle-oval

больше 7 лет назад

ELSA-2018-1932: zsh security update (MODERATE)

EPSS

Процентиль: 60%

0.00402

Низкий

5 Medium

CVSS3