CVE-2014-10070 — Eval Injection in ZSH

CWE-264 CWE-95 — Eval Injection9 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 64.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ZSH Debian ZSH ZSH Project ZSH

Timeline

PublishedFeb 27

Latest updateMay 14

Description

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/zsh< zsh 5.0.7-3 (bookworm)

▶Debianzsh/zsh< 5.0.7-3+3

▶Ubuntuzsh/zsh< 5.0.2-3ubuntu6.1+1

▶NVDzsh_project/zsh5.0.6

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-4x2g-x3r2-29r6: zsh before 5↗2022-05-14

▶

OSV

zsh vulnerabilities↗2018-03-08

▶

OSV

CVE-2014-10070: zsh before 5↗2018-02-27

▶

📋Vendor Advisories

Ubuntu

Zsh vulnerabilities↗2018-03-08

▶

Red Hat

zsh: privilege escalation via environment variables↗2018-02-26

▶

Debian

CVE-2014-10070: zsh - zsh before 5.0.7 allows evaluation of the initial values of integer variables im...↗2014

▶

💬Community

Bugzilla

CVE-2014-10070 zsh: privilege escalation via environment variables↗2018-02-26

▶

Bugzilla

CVE-2014-10070 zsh: privilege escalation via environment variables [fedora-all]↗2018-02-26

▶