7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.7%
Issue Overview:
NULL dereference in cd in sh compatibility mode under given circumstances
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. (CVE-2017-18205)
Null-pointer deref when using ${(PA)…} on an empty array result:
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)…} on an empty array result. (CVE-2018-7548)
Buffer overrun in xsymlinks
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. (CVE-2017-18206)
Crash on copying empty hash table
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (CVE-2018-7549)
Affected Packages:
zsh
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update zsh to update your system.
New Packages:
src:
zsh-5.3.1-7.amzn2.src
x86_64:
zsh-5.3.1-7.amzn2.x86_64
zsh-html-5.3.1-7.amzn2.x86_64
zsh-debuginfo-5.3.1-7.amzn2.x86_64
Red Hat: CVE-2017-18205, CVE-2017-18206, CVE-2018-7548, CVE-2018-7549
Mitre: CVE-2017-18205, CVE-2017-18206, CVE-2018-7548, CVE-2018-7549
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | x86_64 | zsh | < 5.3.1-7.amzn2 | zsh-5.3.1-7.amzn2.x86_64.rpm |
Amazon Linux | 2 | x86_64 | zsh-html | < 5.3.1-7.amzn2 | zsh-html-5.3.1-7.amzn2.x86_64.rpm |
Amazon Linux | 2 | x86_64 | zsh-debuginfo | < 5.3.1-7.amzn2 | zsh-debuginfo-5.3.1-7.amzn2.x86_64.rpm |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.7%