ID CVE-2018-7548
Summary In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
References
Vulnerable Configurations
  • Zsh 5.4.2
    cpe:2.3:a:zsh:zsh:5.4.2
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D2DCDBB051.NASL
    description - avoid crash when copying empty hash table (CVE-2018-7549) - avoid NULL dereference when using ```${(PA)...}``` on an empty array (CVE-2018-7548) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120817
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120817
    title Fedora 28 : zsh (2018-d2dcdbb051)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-9CDF18A850.NASL
    description - avoid crash when copying empty hash table (CVE-2018-7549) - avoid NULL dereference when using ```${(PA)...}``` on an empty array (CVE-2018-7548) - fix buffer overrun in xsymlinks (CVE-2017-18206) - fix NULL dereference in cd (CVE-2017-18205) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-21
    plugin id 108506
    published 2018-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108506
    title Fedora 26 : zsh (2018-9cdf18a850)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0028.NASL
    description An update of {'zsh'} packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111292
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111292
    title Photon OS 2.0 : zsh (PhotonOS-PHSA-2018-2.0-0028) (deprecated)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0028_ZSH.NASL
    description An update of the zsh package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121928
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121928
    title Photon OS 2.0: Zsh PHSA-2018-2.0-0028
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3593-1.NASL
    description It was discovered that Zsh incorrectly handled certain enviroment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071) It was discovered that Zsh incorrectly handled some symbolic links. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10072) It was discovered that Zsh incorrectly handled certain errors. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10714) It was discovered that Zsh incorrectly handled certain commands. An attacker could possibly use this to execute arbitrary code. (CVE-2017-18205) It was discovered that Zsh incorrectly handled certain symlinks. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possible use to execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2018-7548) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-7549). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 107257
    published 2018-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107257
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : zsh vulnerabilities (USN-3593-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-019A32A468.NASL
    description - avoid crash when copying empty hash table (CVE-2018-7549) - avoid NULL dereference when using ```${(PA)...}``` on an empty array (CVE-2018-7548) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-19
    plugin id 108306
    published 2018-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108306
    title Fedora 27 : zsh (2018-019a32a468)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201805-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201805-10 (Zsh: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact : A local attacker could execute arbitrary code, escalate privileges, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-07
    plugin id 110174
    published 2018-05-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110174
    title GLSA-201805-10 : Zsh: Multiple vulnerabilities
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2019-013-01.NASL
    description New zsh packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues.
    last seen 2019-02-21
    modified 2019-01-14
    plugin id 121145
    published 2019-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121145
    title Slackware 14.0 / 14.1 / 14.2 : zsh (SSA:2019-013-01)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-986.NASL
    description NULL dereference in cd in sh compatibility mode under given circumstances In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. (CVE-2017-18205) NULL pointer deref when using ${(PA)...} on an empty array result : In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. (CVE-2018-7548) Buffer overrun in xsymlinks In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. (CVE-2017-18206) Crash on copying empty hash table In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (CVE-2018-7549)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 109139
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109139
    title Amazon Linux 2 : zsh (ALAS-2018-986)
refmap via4
gentoo GLSA-201805-10
misc https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
ubuntu USN-3593-1
Last major update 27-02-2018 - 17:29
Published 27-02-2018 - 17:29
Last modified 05-03-2019 - 13:30
Back to Top