CVE-2018-1083

Name
CVE-2018-1083
Description
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1557382
Third Party Advisory https://usn.ubuntu.com/3608-1/
Mailing List https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html
Third Party Advisory http://www.securityfocus.com/bid/103572
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1932
Third Party Advisory https://security.gentoo.org/glsa/201805-10
Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3073
MLIST https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:zsh:zsh:*:*:*:*:*:*:*:* zsh >= None <= 5.4.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
zsh edge-main 5.4.2-r1 None fixed
zsh 3.22-main 5.4.2-r1 None fixed
zsh 3.21-main 5.4.2-r1 None fixed
zsh 3.20-main 5.4.2-r1 None fixed
zsh 3.19-main 5.4.2-r1 None fixed
zsh 3.18-main 5.4.2-r1 None fixed
zsh 3.17-main 5.4.2-r1 None fixed
zsh 3.12-main 5.4.2-r1 None fixed
zsh 3.11-main 5.4.2-r1 None fixed
zsh 3.10-main 5.4.2-r1 None fixed