Description
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
A vulnerability was found in zsh in the parsecolorchar() function of the prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPT_SUBST expansion.
Report
Red Hat Enterprise Linux 6 and 7 are not affected, because the vulnerable function is not present in the code-base. Red Hat Product Security has rated this issue as having a Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 6 and 7, hence, marked as Out-of-Support-Scope. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | zsh | Not affected | | |
Red Hat Enterprise Linux 7 | zsh | Not affected | | |
Red Hat Enterprise Linux 9 | zsh | Not affected | | |
Red Hat Enterprise Linux 8 | zsh | Fixed | RHSA-2022:2120 | 10.05.2022 |
Additional information
Status:
7.8 High
CVSS3