CVE-2017-18205 - In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer derefere

CVE-2017-18205

Summary

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.

References

https://access.redhat.com/errata/RHSA-2018:3073
https://security.gentoo.org/glsa/201805-10
https://sourceforge.net/p/zsh/code/ci/eb783754bdb74377f3cea4ceca9c23a02ea1bf58
https://usn.ubuntu.com/3593-1/

Vulnerable Configurations

cpe:2.3:a:zsh_project:zsh:*:*:*:*:*:*:*:*
cpe:2.3:a:zsh_project:zsh:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 31-10-2018 - 10:29)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa

id	RHSA-2018:3073

rpms

zsh-0:5.0.2-31.el7
zsh-debuginfo-0:5.0.2-31.el7
zsh-html-0:5.0.2-31.el7

refmap via4

gentoo	GLSA-201805-10
misc	https://sourceforge.net/p/zsh/code/ci/eb783754bdb74377f3cea4ceca9c23a02ea1bf58
ubuntu	USN-3593-1

Last major update

31-10-2018 - 10:29

Published

27-02-2018 - 22:29

Last modified

31-10-2018 - 10:29