Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-1083

Опубликовано: 28 мар. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.2
CVSS3: 7.8

Описание

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

РелизСтатусПримечание
artful

released

5.2-5ubuntu1.2
devel

released

5.4.2-3ubuntu3
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [5.0.2-3ubuntu6.2]]
esm-infra/xenial

released

5.1.1-1ubuntu2.2
precise/esm

DNE

trusty

released

5.0.2-3ubuntu6.2
trusty/esm

DNE

trusty was released [5.0.2-3ubuntu6.2]
upstream

needs-triage

xenial

released

5.1.1-1ubuntu2.2

Показывать по

Ссылки на источники

EPSS

Процентиль: 22%
0.00071
Низкий

7.2 High

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-1083

CVSS3: 7.5
redhat
больше 7 лет назад

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

nvd логотип

CVE-2018-1083

CVSS3: 7.8
nvd
больше 7 лет назад

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

debian логотип

CVE-2018-1083

CVSS3: 7.8
debian
больше 7 лет назад

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...

github логотип

GHSA-pqpc-3fmx-3wqw

CVSS3: 7.8
github
больше 3 лет назад

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

fstec логотип

BDU:2021-01452

CVSS3: 7.8
fstec
около 8 лет назад

Уязвимость функции автозаполнения оболочки командной оболочки UNIX Zsh, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 22%
0.00071
Низкий

7.2 High

CVSS2

7.8 High

CVSS3