VYPR
Unrated severityNVD Advisory· Published Feb 24, 2020· Updated Aug 5, 2024

CVE-2019-20044

CVE-2019-20044

Description

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

41

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.