CVE-2018-1071

Опубликовано: 09 мар. 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 2.1

CVSS3: 5.5

Описание

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Релиз	Статус	Примечание
artful	released	5.2-5ubuntu1.2
devel	released	5.4.2-3ubuntu3
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [5.0.2-3ubuntu6.2]]
esm-infra/xenial	released	5.1.1-1ubuntu2.2
precise/esm	DNE
trusty	released	5.0.2-3ubuntu6.2
trusty/esm	DNE	trusty was released [5.0.2-3ubuntu6.2]
upstream	needs-triage
xenial	released	5.1.1-1ubuntu2.2

Показывать по

Ссылки на источники

EPSS

Процентиль: 20%

0.00063

Низкий

2.1 Low

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2018-1071

CVSS3: 3.3

redhat

больше 7 лет назад

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

CVE-2018-1071

CVSS3: 5.5

nvd

больше 7 лет назад

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

CVE-2018-1071

CVSS3: 5.5

debian

больше 7 лет назад

zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...

GHSA-xc49-qj7m-vpp4

CVSS3: 5.5

github

больше 3 лет назад

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

BDU:2021-01392

CVSS3: 5.5

fstec

почти 8 лет назад

Уязвимость функции exec.c:hashcmd() командной оболочки UNIX Zsh, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 20%

0.00063

Низкий

2.1 Low

CVSS2

5.5 Medium

CVSS3

CVE-2018-1071

Описание

Пакет zsh

Ссылки на источники

Связанные уязвимости