Описание
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | zsh | Will not fix | ||
| Red Hat Enterprise Linux 6 | zsh | Will not fix | ||
| Red Hat Enterprise Linux 8 | zsh | Not affected | ||
| Red Hat Enterprise Linux 7 | zsh | Fixed | RHSA-2018:3073 | 30.10.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
2 Low
CVSS3
Связанные уязвимости
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
In builtin.c in zsh before 5.4, when sh compatibility mode is used, th ...
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
ELSA-2018-3073: zsh security and bug fix update (MODERATE)
EPSS
2 Low
CVSS3