CVE-2021-45444 — Command Injection in Apple MAC OS X

CWE-77 — Command Injection12 documents9 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 70.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ZSH Apple MAC OS X Apple Macos +2 more

Timeline

PublishedFeb 14

Latest updateMay 16

Description

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDzsh/zsh< 5.8.1

▶NVDapple/macos11.0 — 11.6.6+1

▶NVDapple/mac_os_x10.15 — 10.15.7+1

▶Debianzsh/zsh< 5.8-6+deb11u1+3

▶Ubuntuzsh/zsh< 5.4.2-3ubuntu3.2+2

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35

🔴Vulnerability Details

OSV

zsh vulnerabilities↗2022-03-14

▶

GHSA

GHSA-735j-r9q6-48mw: In zsh before 5↗2022-02-15

▶

OSV

CVE-2021-45444: In zsh before 5↗2022-02-14

▶

CVEList

CVE-2021-45444: In zsh before 5↗2022-02-13

▶

📋Vendor Advisories

Apple

CVE-2021-45444: macOS Big Sur 11.6.6↗2022-05-16

▶

Apple

CVE-2021-45444: Security Update 2022-004 Catalina↗2022-05-16

▶

Apple

CVE-2021-45444: macOS Monterey 12.4↗2022-05-16

▶

Ubuntu

Zsh vulnerabilities↗2022-03-14

▶

Red Hat

zsh: Prompt expansion vulnerability↗2022-02-12

▶