CVE-2018-0502 — Improper Input Validation in ZSH

CWE-20 — Improper Input Validation9 documents7 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 29.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ZSH Debian ZSH Canonical Ubuntu Linux

Timeline

PublishedSep 5

Latest updateMay 13

Description

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDzsh/zsh< 5.6

▶debiandebian/zsh< zsh 5.6-1 (bookworm)

▶Debianzsh/zsh< 5.6-1+3

▶Ubuntuzsh/zsh< 5.0.2-3ubuntu6.3+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: bugs.debian.org ↗Patch: sourceforge.net ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-m962-vg7f-29fx: An issue was discovered in zsh before 5↗2022-05-13

▶

OSV

zsh vulnerabilities↗2018-09-11

▶

OSV

CVE-2018-0502: An issue was discovered in zsh before 5↗2018-09-05

▶

📋Vendor Advisories

Ubuntu

Zsh vulnerabilities↗2018-09-11

▶

Red Hat

zsh: Improper parsing of the shebang line with special chars↗2018-09-04

▶

Debian

CVE-2018-0502: zsh - An issue was discovered in zsh before 5.6. The beginning of a #! script file was...↗2018

▶

💬Community

Bugzilla

CVE-2018-0502 zsh: Improper parsing of the shebang line with special chars [fedora-all]↗2018-09-06

▶

Bugzilla

CVE-2018-0502 zsh: Improper parsing of the shebang line with special chars↗2018-09-06

▶