Zsh Project Zsh vulnerabilities
3 known vulnerabilities affecting zsh_project/zsh.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2014-10072 | CRITICAL | CVSS 9.8 | CWE-119 | fixed in 5.0.6 | 2018-02-27
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
nvd
CVE-2017-18205 | HIGH | CVSS 8.1 | CWE-476 | fixed in 5.4 | 2018-02-27
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
nvd
CVE-2014-10070 | HIGH | CVSS 7.8 | CWE-264 | ≤ 5.0.6 | 2018-02-27
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitiz
nvd