Unrated severityNVD Advisory· Published Mar 28, 2018· Updated Sep 16, 2024

CVE-2018-1083

Description

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

Affected products

Zsh/Zshv5
Range: before zsh 5.4.2-test-1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2018:1932mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:3073mitrevendor-advisoryx_refsource_REDHAT
security.gentoo.org/glsa/201805-10mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/3608-1/mitrevendor-advisoryx_refsource_UBUNTU
www.securityfocus.com/bid/103572mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2018/03/msg00038.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2020/12/msg00000.htmlmitremailing-listx_refsource_MLIST
sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000