CVE-2018-1083

2018-03-2813:29:00

Google

osv.dev

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.0%

JSON

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

CPENameOperatorVersion
zsheq5.4.1-r3
zsheq5.4.2-r0
zsheqzsh-4.2.0
zsheqzsh-5.0.3
zsheqzsh-4.1.0-dev-1
zsheqzsh-5.0.5
zsheqzsh-5.1.1-test-1
zsheqzsh-3.1.6-dev-21
zsheqzsh-4.3.10-test-3
zsheqzsh-5.2-test-3

Name	Operator	Version
zsh	eq	5.4.1-r3
zsh	eq	5.4.2-r0
zsh	eq	zsh-4.2.0
zsh	eq	zsh-5.0.3
zsh	eq	zsh-4.1.0-dev-1
zsh	eq	zsh-5.0.5
zsh	eq	zsh-5.1.1-test-1
zsh	eq	zsh-3.1.6-dev-21
zsh	eq	zsh-4.3.10-test-3
zsh	eq	zsh-5.2-test-3