CVE-2017-18206

Опубликовано: 09 мая 2017

Источник: redhat

CVSS3: 7.5

Описание

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is privileged, this leads to privilege escalation.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	zsh	Will not fix
Red Hat Enterprise Linux 8	zsh	Not affected
Red Hat Enterprise Linux 6	zsh	Fixed	RHSA-2018:1932	19.06.2018
Red Hat Enterprise Linux 7	zsh	Fixed	RHSA-2018:3073	30.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-120->CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1549861zsh: buffer overrun in symlinks

7.5 High

CVSS3

Связанные уязвимости

CVE-2017-18206

CVSS3: 9.8

ubuntu

почти 8 лет назад

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

CVE-2017-18206

CVSS3: 9.8

nvd

почти 8 лет назад

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

CVE-2017-18206

CVSS3: 9.8

debian

почти 8 лет назад

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

GHSA-vpqc-mgq5-m5xg

CVSS3: 9.8

github

больше 3 лет назад

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

ELSA-2018-1932

oracle-oval

больше 7 лет назад

ELSA-2018-1932: zsh security update (MODERATE)

7.5 High

CVSS3