CVE-2018-7548 — NULL Pointer Dereference in ZSH

CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

9.8CRITICALNVD

OSV7.8

EPSS

0.4%

top 40.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ZSH Debian ZSH Canonical Ubuntu Linux

Timeline

PublishedFeb 27

Latest updateMay 14

Description

In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/zsh< zsh 5.5-1 (bookworm)

▶Debianzsh/zsh< 5.5-1+3

▶Ubuntuzsh/zsh< 5.0.2-3ubuntu6.1+1

▶NVDzsh/zsh5.4.2

Also affects: Ubuntu Linux 17.10

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-52h6-vcv4-gr3c: In subst↗2022-05-14

▶

OSV

zsh vulnerabilities↗2018-03-08

▶

OSV

CVE-2018-7548: In subst↗2018-02-27

▶

📋Vendor Advisories

Ubuntu

Zsh vulnerabilities↗2018-03-08

▶

Debian

CVE-2018-7548: zsh - In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ...↗2018

▶

Red Hat

zsh: null-pointer deref when using ${(PA)...} on an empty array result↗2017-03-24

▶

💬Community

Bugzilla

CVE-2018-7548 zsh: null-pointer deref when using ${(PA)...} on an empty array result [fedora-all]↗2018-02-27

▶

Bugzilla

CVE-2018-7548 zsh: null-pointer deref when using ${(PA)...} on an empty array result↗2018-02-27

▶