All the vulnerabilites related to zsh - zsh
cve-2007-6209
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/42481 | vdb-entry, x_refsource_OSVDB | |
| http://www.zsh.org/mla/workers/2007/msg01066.html | mailing-list, x_refsource_MLIST | |
| http://www.zsh.org/mla/workers/2007/msg01060.html | mailing-list, x_refsource_MLIST | |
| https://bugs.gentoo.org/show_bug.cgi?id=201022 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/26674 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38812 | vdb-entry, x_refsource_XF | |
| http://www.zsh.org/mla/workers/2007/msg01065.html | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/27899 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42481",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42481"
},
{
"name": "[zsh-workers] 20071203 Re: difflog.pl and \"security\"",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.zsh.org/mla/workers/2007/msg01066.html"
},
{
"name": "[zsh-workers] 20071202 difflog.pl and \"security\"",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.zsh.org/mla/workers/2007/msg01060.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=201022"
},
{
"name": "26674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26674"
},
{
"name": "zsh-difflog-symlink(38812)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38812"
},
{
"name": "[zsh-workers] 20071203 Re: difflog.pl and \"security\"",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.zsh.org/mla/workers/2007/msg01065.html"
},
{
"name": "27899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42481",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42481"
},
{
"name": "[zsh-workers] 20071203 Re: difflog.pl and \"security\"",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.zsh.org/mla/workers/2007/msg01066.html"
},
{
"name": "[zsh-workers] 20071202 difflog.pl and \"security\"",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.zsh.org/mla/workers/2007/msg01060.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=201022"
},
{
"name": "26674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26674"
},
{
"name": "zsh-difflog-symlink(38812)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38812"
},
{
"name": "[zsh-workers] 20071203 Re: difflog.pl and \"security\"",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.zsh.org/mla/workers/2007/msg01065.html"
},
{
"name": "27899",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42481",
"refsource": "OSVDB",
"url": "http://osvdb.org/42481"
},
{
"name": "[zsh-workers] 20071203 Re: difflog.pl and \"security\"",
"refsource": "MLIST",
"url": "http://www.zsh.org/mla/workers/2007/msg01066.html"
},
{
"name": "[zsh-workers] 20071202 difflog.pl and \"security\"",
"refsource": "MLIST",
"url": "http://www.zsh.org/mla/workers/2007/msg01060.html"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=201022",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=201022"
},
{
"name": "26674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26674"
},
{
"name": "zsh-difflog-symlink(38812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38812"
},
{
"name": "[zsh-workers] 20071203 Re: difflog.pl and \"security\"",
"refsource": "MLIST",
"url": "http://www.zsh.org/mla/workers/2007/msg01065.html"
},
{
"name": "27899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6209",
"datePublished": "2007-12-04T00:00:00",
"dateReserved": "2007-12-03T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0502
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/908000 | x_refsource_MISC | |
| https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d | x_refsource_MISC | |
| https://www.zsh.org/mla/zsh-announce/136 | x_refsource_MISC | |
| https://usn.ubuntu.com/3764-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201903-02 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html | mailing-list, x_refsource_MLIST |
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | zsh before 5.6 |
Version: zsh before 5.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/908000"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zsh.org/mla/zsh-announce/136"
},
{
"name": "USN-3764-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201903-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-02"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zsh before 5.6",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "zsh before 5.6"
}
]
}
],
"datePublic": "2018-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper parsing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T06:06:17",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/908000"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zsh.org/mla/zsh-announce/136"
},
{
"name": "USN-3764-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201903-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-02"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2018-0502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zsh before 5.6",
"version": {
"version_data": [
{
"version_value": "zsh before 5.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper parsing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/908000",
"refsource": "MISC",
"url": "https://bugs.debian.org/908000"
},
{
"name": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d"
},
{
"name": "https://www.zsh.org/mla/zsh-announce/136",
"refsource": "MISC",
"url": "https://www.zsh.org/mla/zsh-announce/136"
},
{
"name": "USN-3764-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201903-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-02"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2018-0502",
"datePublished": "2018-09-05T07:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10714
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3593-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3593-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10714",
"datePublished": "2018-02-27T22:00:00",
"dateReserved": "2018-02-27T00:00:00",
"dateUpdated": "2024-08-06T03:30:20.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1100
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3764-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201805-10 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:1932 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1563395 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:3073 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/"
},
{
"name": "USN-3764-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "RHSA-2018:1932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zsh",
"vendor": "zsh",
"versions": [
{
"status": "affected",
"version": "through 5.4.2"
}
]
}
],
"datePublic": "2018-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120-\u003eCWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T06:06:15",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/"
},
{
"name": "USN-3764-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "RHSA-2018:1932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563395"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1100",
"datePublished": "2018-04-11T19:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20044
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:10.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zsh.sourceforge.net/releases.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/XMB5/zsh-privileged-upgrade"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zsh.org/mla/zsh-announce/141"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2117-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"
},
{
"name": "FEDORA-2020-3f38f3e517",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/"
},
{
"name": "FEDORA-2020-9009363f0f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/"
},
{
"name": "GLSA-202003-55",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-55"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211175"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT211168"
},
{
"name": "20200529 APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/May/49"
},
{
"name": "20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/May/55"
},
{
"name": "20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/May/53"
},
{
"name": "20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/May/59"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT211168"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT211170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT211171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT211175"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid()."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T06:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zsh.sourceforge.net/releases.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/XMB5/zsh-privileged-upgrade"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zsh.org/mla/zsh-announce/141"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2117-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"
},
{
"name": "FEDORA-2020-3f38f3e517",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/"
},
{
"name": "FEDORA-2020-9009363f0f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/"
},
{
"name": "GLSA-202003-55",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-55"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211175"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT211168"
},
{
"name": "20200529 APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/May/49"
},
{
"name": "20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/May/55"
},
{
"name": "20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/May/53"
},
{
"name": "20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/May/59"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT211168"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT211170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT211171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT211175"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zsh.sourceforge.net/releases.html",
"refsource": "MISC",
"url": "http://zsh.sourceforge.net/releases.html"
},
{
"name": "https://github.com/XMB5/zsh-privileged-upgrade",
"refsource": "MISC",
"url": "https://github.com/XMB5/zsh-privileged-upgrade"
},
{
"name": "https://www.zsh.org/mla/zsh-announce/141",
"refsource": "MISC",
"url": "https://www.zsh.org/mla/zsh-announce/141"
},
{
"name": "[debian-lts-announce] 20200302 [SECURITY] [DLA 2117-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"
},
{
"name": "FEDORA-2020-3f38f3e517",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/"
},
{
"name": "FEDORA-2020-9009363f0f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/"
},
{
"name": "GLSA-202003-55",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-55"
},
{
"name": "https://support.apple.com/kb/HT211170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211170"
},
{
"name": "https://support.apple.com/kb/HT211175",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211175"
},
{
"name": "https://support.apple.com/kb/HT211171",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211171"
},
{
"name": "https://support.apple.com/kb/HT211168",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT211168"
},
{
"name": "20200529 APPLE-SA-2020-05-26-1 iOS 13.5 and iPadOS 13.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/May/49"
},
{
"name": "20200529 APPLE-SA-2020-05-26-5 watchOS 6.2.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/May/55"
},
{
"name": "20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/May/53"
},
{
"name": "20200529 APPLE-SA-2020-05-26-4 tvOS 13.4.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/May/59"
},
{
"name": "https://support.apple.com/HT211168",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT211168"
},
{
"name": "https://support.apple.com/HT211170",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT211170"
},
{
"name": "https://support.apple.com/HT211171",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT211171"
},
{
"name": "https://support.apple.com/HT211175",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT211175"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20044",
"datePublished": "2020-02-24T13:09:43",
"dateReserved": "2019-12-27T00:00:00",
"dateUpdated": "2024-08-05T02:32:10.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-13259
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/908000 | x_refsource_MISC | |
| https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d | x_refsource_MISC | |
| https://www.zsh.org/mla/zsh-announce/136 | x_refsource_MISC | |
| https://usn.ubuntu.com/3764-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201903-02 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2019:2017 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html | mailing-list, x_refsource_MLIST |
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | zsh before 5.6 |
Version: zsh before 5.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:34.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/908000"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zsh.org/mla/zsh-announce/136"
},
{
"name": "USN-3764-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201903-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-02"
},
{
"name": "RHSA-2019:2017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2017"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zsh before 5.6",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "zsh before 5.6"
}
]
}
],
"datePublic": "2018-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper parsing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T06:06:14",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/908000"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zsh.org/mla/zsh-announce/136"
},
{
"name": "USN-3764-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201903-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-02"
},
{
"name": "RHSA-2019:2017",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2017"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2018-13259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zsh before 5.6",
"version": {
"version_data": [
{
"version_value": "zsh before 5.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper parsing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/908000",
"refsource": "MISC",
"url": "https://bugs.debian.org/908000"
},
{
"name": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d"
},
{
"name": "https://www.zsh.org/mla/zsh-announce/136",
"refsource": "MISC",
"url": "https://www.zsh.org/mla/zsh-announce/136"
},
{
"name": "USN-3764-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3764-1/"
},
{
"name": "GLSA-201903-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-02"
},
{
"name": "RHSA-2019:2017",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2017"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2018-13259",
"datePublished": "2018-09-05T07:00:00",
"dateReserved": "2018-07-05T00:00:00",
"dateUpdated": "2024-08-05T09:00:34.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-45444
Vulnerability from cvelistv5
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:39:20.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zsh.sourceforge.io/releases.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuln.ryotak.me/advisories/63"
},
{
"name": "FEDORA-2022-adf0c6d196",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/"
},
{
"name": "DSA-5078",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5078"
},
{
"name": "[debian-lts-announce] 20220218 [SECURITY] [DLA 2926-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html"
},
{
"name": "FEDORA-2022-0a06987c3c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T06:08:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zsh.sourceforge.io/releases.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuln.ryotak.me/advisories/63"
},
{
"name": "FEDORA-2022-adf0c6d196",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/"
},
{
"name": "DSA-5078",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5078"
},
{
"name": "[debian-lts-announce] 20220218 [SECURITY] [DLA 2926-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html"
},
{
"name": "FEDORA-2022-0a06987c3c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zsh.sourceforge.io/releases.html",
"refsource": "MISC",
"url": "https://zsh.sourceforge.io/releases.html"
},
{
"name": "https://vuln.ryotak.me/advisories/63",
"refsource": "MISC",
"url": "https://vuln.ryotak.me/advisories/63"
},
{
"name": "FEDORA-2022-adf0c6d196",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/"
},
{
"name": "DSA-5078",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5078"
},
{
"name": "[debian-lts-announce] 20220218 [SECURITY] [DLA 2926-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html"
},
{
"name": "FEDORA-2022-0a06987c3c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/"
},
{
"name": "https://support.apple.com/kb/HT213257",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213257"
},
{
"name": "https://support.apple.com/kb/HT213256",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "https://support.apple.com/kb/HT213255",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/38"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45444",
"datePublished": "2022-02-13T05:32:21",
"dateReserved": "2021-12-21T00:00:00",
"dateUpdated": "2024-08-04T04:39:20.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1083
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3608-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/103572 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201805-10 | vendor-advisory, x_refsource_GENTOO | |
| https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2018:1932 | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1557382 | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2018:3073 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3608-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3608-1/"
},
{
"name": "103572",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103572"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7"
},
{
"name": "RHSA-2018:1932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557382"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zsh",
"vendor": "zsh",
"versions": [
{
"status": "affected",
"version": "before zsh 5.4.2-test-1"
}
]
}
],
"datePublic": "2018-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120-\u003eCWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T06:06:17",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-3608-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3608-1/"
},
{
"name": "103572",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103572"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7"
},
{
"name": "RHSA-2018:1932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557382"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-26T00:00:00",
"ID": "CVE-2018-1083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "zsh",
"version": {
"version_data": [
{
"version_value": "before zsh 5.4.2-test-1"
}
]
}
}
]
},
"vendor_name": "zsh"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120-\u003eCWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3608-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3608-1/"
},
{
"name": "103572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103572"
},
{
"name": "GLSA-201805-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7"
},
{
"name": "RHSA-2018:1932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1557382",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1557382"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
},
{
"name": "RHSA-2018:3073",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1083",
"datePublished": "2018-03-28T13:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-09-16T18:13:29.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7548
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3593-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201805-10 | vendor-advisory, x_refsource_GENTOO | |
| https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3593-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7548",
"datePublished": "2018-02-27T22:00:00",
"dateReserved": "2018-02-27T00:00:00",
"dateUpdated": "2024-08-05T06:31:04.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-10071
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055 | x_refsource_MISC | |
| https://usn.ubuntu.com/3593-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://access.redhat.com/errata/RHSA-2018:3073 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:02:38.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055"
},
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the \"\u003e\u0026 fd\" syntax."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055"
},
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the \"\u003e\u0026 fd\" syntax."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055"
},
{
"name": "USN-3593-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "RHSA-2018:3073",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10071",
"datePublished": "2018-02-27T22:00:00",
"dateReserved": "2018-02-27T00:00:00",
"dateUpdated": "2024-08-06T14:02:38.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1071
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1553531 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/3608-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/103359 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201805-10 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2018:3073 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531"
},
{
"name": "USN-3608-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3608-1/"
},
{
"name": "103359",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103359"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "zsh",
"vendor": "zsh",
"versions": [
{
"status": "affected",
"version": "5.4.2"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T06:06:18",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553531"
},
{
"name": "USN-3608-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3608-1/"
},
{
"name": "103359",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103359"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "[debian-lts-announce] 20180331 [SECURITY] [DLA 1335-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00038.html"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1071",
"datePublished": "2018-03-09T15:00:00Z",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18206
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3593-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201805-10 | vendor-advisory, x_refsource_GENTOO | |
| https://access.redhat.com/errata/RHSA-2018:1932 | vendor-advisory, x_refsource_REDHAT | |
| https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2018:3073 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "RHSA-2018:1932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In utils.c in zsh before 5.4, symlink expansion had a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-01T06:06:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "RHSA-2018:1932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In utils.c in zsh before 5.4, symlink expansion had a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3593-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "RHSA-2018:1932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1932"
},
{
"name": "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d"
},
{
"name": "RHSA-2018:3073",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
},
{
"name": "[debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18206",
"datePublished": "2018-02-27T22:00:00",
"dateReserved": "2018-02-27T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7549
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3593-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201805-10 | vendor-advisory, x_refsource_GENTOO | |
| https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2018:3073 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3593-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd"
},
{
"name": "RHSA-2018:3073",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3593-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3593-1/"
},
{
"name": "GLSA-201805-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-10"
},
{
"name": "https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd",
"refsource": "MISC",
"url": "https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd"
},
{
"name": "RHSA-2018:3073",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7549",
"datePublished": "2018-02-27T22:00:00",
"dateReserved": "2018-02-27T00:00:00",
"dateUpdated": "2024-08-05T06:31:04.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202202-0062
Vulnerability from variot
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. zsh Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5325-1 March 14, 2022
zsh vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Zsh.
Software Description: - zsh: shell with lots of features
Details:
Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. (CVE-2019-20044)
It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-45444)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: zsh 5.8-6ubuntu0.1 zsh-static 5.8-6ubuntu0.1
Ubuntu 20.04 LTS: zsh 5.8-3ubuntu1.1 zsh-static 5.8-3ubuntu1.1
Ubuntu 18.04 LTS: zsh 5.4.2-3ubuntu3.2 zsh-static 5.4.2-3ubuntu3.2
Ubuntu 16.04 ESM: zsh 5.1.1-1ubuntu2.3+esm1 zsh-static 5.1.1-1ubuntu2.3+esm1
In general, a standard system update will make all the necessary changes. Apple is aware of a report that this issue may have been actively exploited. This was addressed with improved input validation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-2 macOS Monterey 12.4
macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257.
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26772: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-26741: ABC Research s.r.o CVE-2022-26742: ABC Research s.r.o CVE-2022-26749: ABC Research s.r.o CVE-2022-26750: ABC Research s.r.o CVE-2022-26752: ABC Research s.r.o CVE-2022-26753: ABC Research s.r.o CVE-2022-26754: ABC Research s.r.o
apache Available for: macOS Monterey Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppleGraphicsControl Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher
Contacts Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
ImageIO Available for: macOS Monterey Impact: Photo location information may persist after it is removed with Preview Inspector Description: A logic issue was addressed with improved state management. CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Monterey Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel Available for: macOS Monterey Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Monterey Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices Available for: macOS Monterey Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t)
Preview Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Safari Private Browsing Available for: macOS Monterey Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher
Security Available for: macOS Monterey Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. CVE-2022-26704: an anonymous researcher
TCC Available for: macOS Monterey Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Monterey Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC Available for: macOS Monterey Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher
Wi-Fi Available for: macOS Monterey Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval
zip Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Monterey Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
Calendar We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.
FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
FileVault We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.
Login Window We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Photo Booth We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
System Preferences We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance.
WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.
Wi-Fi We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+ rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc 402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa 5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4= =jaCZ -----END PGP SIGNATURE-----
. Summary:
An update for zsh is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - noarch Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.
Security Fix(es):
- zsh: Prompt expansion vulnerability (CVE-2021-45444)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2054089 - CVE-2021-45444 zsh: Prompt expansion vulnerability
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
noarch: zsh-html-5.5.1-9.el8.noarch.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: zsh-5.5.1-9.el8.src.rpm
aarch64: zsh-5.5.1-9.el8.aarch64.rpm zsh-debuginfo-5.5.1-9.el8.aarch64.rpm zsh-debugsource-5.5.1-9.el8.aarch64.rpm
ppc64le: zsh-5.5.1-9.el8.ppc64le.rpm zsh-debuginfo-5.5.1-9.el8.ppc64le.rpm zsh-debugsource-5.5.1-9.el8.ppc64le.rpm
s390x: zsh-5.5.1-9.el8.s390x.rpm zsh-debuginfo-5.5.1-9.el8.s390x.rpm zsh-debugsource-5.5.1-9.el8.s390x.rpm
x86_64: zsh-5.5.1-9.el8.x86_64.rpm zsh-debuginfo-5.5.1-9.el8.x86_64.rpm zsh-debugsource-5.5.1-9.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-45444 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. This would allow an attacker to execute arbitrary commands into a user's shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name.
For the oldstable distribution (buster), this problem has been fixed in version 5.7.1-1+deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 5.8-6+deb11u1.
We recommend that you upgrade your zsh packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202407-01
https://security.gentoo.org/
Severity: Normal Title: Zsh: Prompt Expansion Vulnerability Date: July 01, 2024 Bugs: #833252 ID: 202407-01
Synopsis
A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code.
Background
A shell designed for interactive use, although it is also a powerful scripting language.
Affected packages
Package Vulnerable Unaffected
app-shells/zsh < 5.8.1 >= 5.8.1
Description
Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. VCS_Info to execute arbitrary shell commands without a user's knowledge.
Workaround
There is no known workaround at this time.
Resolution
All Zsh users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8.1"
References
[ 1 ] CVE-2021-45444 https://nvd.nist.gov/vuln/detail/CVE-2021-45444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202407-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0062",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "zsh",
"scope": "lt",
"trust": 1.0,
"vendor": "zsh",
"version": "5.8.1"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "zsh",
"scope": null,
"trust": 0.8,
"vendor": "zsh",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
}
],
"trust": 0.3
},
"cve": "CVE-2021-45444",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2021-45444",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-409075",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-45444",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-45444",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45444",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-45444",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1108",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-409075",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-45444",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. zsh Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5325-1\nMarch 14, 2022\n\nzsh vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Zsh. \n\nSoftware Description:\n- zsh: shell with lots of features\n\nDetails:\n\nSam Foxman discovered that Zsh incorrectly handled certain inputs. \nAn attacker could possibly use this issue to regain dropped privileges. \n(CVE-2019-20044)\n\nIt was discovered that Zsh incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2021-45444)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n zsh 5.8-6ubuntu0.1\n zsh-static 5.8-6ubuntu0.1\n\nUbuntu 20.04 LTS:\n zsh 5.8-3ubuntu1.1\n zsh-static 5.8-3ubuntu1.1\n\nUbuntu 18.04 LTS:\n zsh 5.4.2-3ubuntu3.2\n zsh-static 5.4.2-3ubuntu3.2\n\nUbuntu 16.04 ESM:\n zsh 5.1.1-1ubuntu2.3+esm1\n zsh-static 5.1.1-1ubuntu2.3+esm1\n\nIn general, a standard system update will make all the necessary changes. Apple is aware of a report that this issue may\nhave been actively exploited. This was addressed with improved input\nvalidation. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-2 macOS Monterey 12.4\n\nmacOS Monterey 12.4 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213257. \n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26772: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2022-26741: ABC Research s.r.o\nCVE-2022-26742: ABC Research s.r.o\nCVE-2022-26749: ABC Research s.r.o\nCVE-2022-26750: ABC Research s.r.o\nCVE-2022-26752: ABC Research s.r.o\nCVE-2022-26753: ABC Research s.r.o\nCVE-2022-26754: ABC Research s.r.o\n\napache\nAvailable for: macOS Monterey\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAVEVideoEncoder\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26736: an anonymous researcher\nCVE-2022-26737: an anonymous researcher\nCVE-2022-26738: an anonymous researcher\nCVE-2022-26739: an anonymous researcher\nCVE-2022-26740: an anonymous researcher\n\nContacts\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26694: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nCVMS\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nImageIO\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow issue was addressed with improved\ninput validation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Photo location information may persist after it is removed\nwith Preview Inspector\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26725: Andrew Williams and Avi Drissman of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIOKit\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\nIOMobileFrameBuffer\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved code execution in macOS\nRecovery may be able to escalate to kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26743: Jordy Zomer (@pwningsystems)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nLibreSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26727: Mickey Jin (@patch1t)\n\nPreview\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26693: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nPrinting\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSafari Private Browsing\nAvailable for: macOS Monterey\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26731: an anonymous researcher\n\nSecurity\nAvailable for: macOS Monterey\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: A validation issue existed in the handling of symlinks\nand was addressed with improved validation of symlinks. \nCVE-2022-26704: an anonymous researcher\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Video self-preview in a webRTC call may be interrupted if the\nuser answers a phone call\nDescription: A logic issue in the handling of concurrent media was\naddressed with improved state handling. \nWebKit Bugzilla: 237524\nCVE-2022-22677: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26762: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nCalendar\nWe would like to acknowledge Eugene Lim of Government Technology\nAgency of Singapore for their assistance. \n\nFaceTime\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nFileVault\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH\nfor their assistance. \n\nLogin Window\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nSystem Preferences\nWe would like to acknowledge Mohammad Tausif Siddiqui\n(@toshsiddiqui), an anonymous researcher for their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nWi-Fi\nWe would like to acknowledge Dana Morrison for their assistance. \n\nmacOS Monterey 12.4 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg\nEjpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI\nDyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma\nmH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+\nrQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc\n402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV\nJ23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa\n5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ\nopD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs\nZ5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f\nLHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=\n=jaCZ\n-----END PGP SIGNATURE-----\n\n\n. Summary:\n\nAn update for zsh is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - noarch\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe zsh shell is a command interpreter usable as an interactive login shell\nand as a shell script command processor. Zsh resembles the ksh shell (the\nKorn shell), but includes many enhancements. Zsh supports command-line\nediting, built-in spelling correction, programmable command completion,\nshell functions (with autoloading), a history mechanism, and more. \n\nSecurity Fix(es):\n\n* zsh: Prompt expansion vulnerability (CVE-2021-45444)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2054089 - CVE-2021-45444 zsh: Prompt expansion vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nnoarch:\nzsh-html-5.5.1-9.el8.noarch.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nzsh-5.5.1-9.el8.src.rpm\n\naarch64:\nzsh-5.5.1-9.el8.aarch64.rpm\nzsh-debuginfo-5.5.1-9.el8.aarch64.rpm\nzsh-debugsource-5.5.1-9.el8.aarch64.rpm\n\nppc64le:\nzsh-5.5.1-9.el8.ppc64le.rpm\nzsh-debuginfo-5.5.1-9.el8.ppc64le.rpm\nzsh-debugsource-5.5.1-9.el8.ppc64le.rpm\n\ns390x:\nzsh-5.5.1-9.el8.s390x.rpm\nzsh-debuginfo-5.5.1-9.el8.s390x.rpm\nzsh-debugsource-5.5.1-9.el8.s390x.rpm\n\nx86_64:\nzsh-5.5.1-9.el8.x86_64.rpm\nzsh-debuginfo-5.5.1-9.el8.x86_64.rpm\nzsh-debugsource-5.5.1-9.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45444\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. This would allow an\nattacker to execute arbitrary commands into a user\u0027s shell, for\ninstance by tricking a vcs_info user into checking out a git branch\nwith a specially crafted name. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 5.7.1-1+deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 5.8-6+deb11u1. \n\nWe recommend that you upgrade your zsh packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202407-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Zsh: Prompt Expansion Vulnerability\n Date: July 01, 2024\n Bugs: #833252\n ID: 202407-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been discovered in Zsh, which can lead to execution\nof arbitrary code. \n\nBackground\n==========\n\nA shell designed for interactive use, although it is also a powerful\nscripting language. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------- ------------ ------------\napp-shells/zsh \u003c 5.8.1 \u003e= 5.8.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Zsh. Please review the\nCVE identifiers referenced below for details. \nVCS_Info to execute arbitrary shell commands without a user\u0027s knowledge. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Zsh users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-shells/zsh-5.8.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-45444\n https://nvd.nist.gov/vuln/detail/CVE-2021-45444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202407-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "167094"
},
{
"db": "PACKETSTORM",
"id": "169238"
},
{
"db": "PACKETSTORM",
"id": "179277"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-409075",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-45444",
"trust": 4.1
},
{
"db": "PACKETSTORM",
"id": "166306",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167094",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.0681",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1072",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0717",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051165",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021702",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031621",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-409075",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-45444",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169238",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179277",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "167094"
},
{
"db": "PACKETSTORM",
"id": "169238"
},
{
"db": "PACKETSTORM",
"id": "179277"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"id": "VAR-202202-0062",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:47:52.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213256 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html"
},
{
"title": "Zsh Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182545"
},
{
"title": "Ubuntu Security Notice: USN-5325-1: Zsh vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5325-1"
},
{
"title": "Debian Security Advisories: DSA-5078-1 zsh -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f89e845aa4d22d94399dc0f12d04d8a6"
},
{
"title": "Red Hat: CVE-2021-45444",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-45444"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1757",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1757"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-034",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-034"
},
{
"title": "Apple: macOS Monterey 12.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5078"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.8,
"url": "https://vuln.ryotak.me/advisories/63"
},
{
"trust": 1.8,
"url": "https://zsh.sourceforge.io/releases.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bwf3exnbx5svfdbl4zfod4gjbwfukwn4/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2p3lpmgenehkdwfo4mwmzszl6g7y4cv7/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bwf3exnbx5svfdbl4zfod4gjbwfukwn4/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2p3lpmgenehkdwfo4mwmzszl6g7y4cv7/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-45444"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0681"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021702"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1072"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/zsh-code-execution-via-prompt-subst-expansion-37574"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213255"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0717"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166306/ubuntu-security-notice-usn-5325-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051165"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167094/red-hat-security-advisory-2022-2120-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031621"
},
{
"trust": 0.3,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5325-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20044"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.4.2-3ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.8-3ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.8-6ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213257."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213255."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26746"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:2120"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/zsh"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202407-01"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "167094"
},
{
"db": "PACKETSTORM",
"id": "169238"
},
{
"db": "PACKETSTORM",
"id": "179277"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-409075"
},
{
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "167094"
},
{
"db": "PACKETSTORM",
"id": "169238"
},
{
"db": "PACKETSTORM",
"id": "179277"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-409075"
},
{
"date": "2022-02-14T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"date": "2023-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"date": "2022-03-14T19:00:12",
"db": "PACKETSTORM",
"id": "166306"
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188"
},
{
"date": "2022-05-17T16:58:15",
"db": "PACKETSTORM",
"id": "167186"
},
{
"date": "2022-05-17T16:59:55",
"db": "PACKETSTORM",
"id": "167189"
},
{
"date": "2022-05-11T16:52:46",
"db": "PACKETSTORM",
"id": "167094"
},
{
"date": "2022-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169238"
},
{
"date": "2024-07-01T14:49:01",
"db": "PACKETSTORM",
"id": "179277"
},
{
"date": "2022-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"date": "2022-02-14T12:15:15.750000",
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-409075"
},
{
"date": "2022-05-17T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45444"
},
{
"date": "2023-06-12T06:01:00",
"db": "JVNDB",
"id": "JVNDB-2022-005759"
},
{
"date": "2022-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1108"
},
{
"date": "2024-11-21T06:32:13.110000",
"db": "NVD",
"id": "CVE-2021-45444"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "zsh\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005759"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1108"
}
],
"trust": 0.6
}
}
var-202002-0332
Vulnerability from variot
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). Zsh Is vulnerable to improper checking of removed privileges.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker can exploit this vulnerability to restore the original permissions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-55
https://security.gentoo.org/
Severity: Normal Title: Zsh: Privilege escalation Date: March 25, 2020 Bugs: #711136 ID: 202003-55
Synopsis
A vulnerability in Zsh might allow an attacker to escalate privileges.
Background
A shell designed for interactive use, although it is also a powerful scripting language.
Impact
An attacker could escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All Zsh users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8"
References
[ 1 ] CVE-2019-20044 https://nvd.nist.gov/vuln/detail/CVE-2019-20044
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-55
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5325-1 March 14, 2022
zsh vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Zsh.
Software Description: - zsh: shell with lots of features
Details:
Sam Foxman discovered that Zsh incorrectly handled certain inputs. (CVE-2019-20044)
It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-45444)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: zsh 5.8-6ubuntu0.1 zsh-static 5.8-6ubuntu0.1
Ubuntu 20.04 LTS: zsh 5.8-3ubuntu1.1 zsh-static 5.8-3ubuntu1.1
Ubuntu 18.04 LTS: zsh 5.4.2-3ubuntu3.2 zsh-static 5.4.2-3ubuntu3.2
Ubuntu 16.04 ESM: zsh 5.1.1-1ubuntu2.3+esm1 zsh-static 5.1.1-1ubuntu2.3+esm1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address the following:
Accounts Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
AirDrop Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: An application may be able to use arbitrary entitlements Description: This issue was addressed with improved checks. CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking Available for: macOS Catalina 10.15.4 Impact: Inserting a USB device that sends invalid messages may cause a kernel panic Description: A logic issue was addressed with improved restrictions. CVE-2020-9804: Andy Davis of NCC Group
Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Audio Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Bluetooth Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9831: Yu Wang of Didi Research America
Calendar Available for: macOS Catalina 10.15.4 Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information Description: This issue was addressed with improved checks. CVE-2020-3882: Andy Grant of NCC Group
CVMS Available for: macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: This issue was addressed with improved checks. CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to break out of its sandbox Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team
Find My Available for: macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team
FontParser Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative
ImageIO Available for: macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9789: Wenchao Li of VARAS@IIE CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Intel Graphics Driver Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9822: ABC Research s.r.o
IPSec Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9837: Thijs Alkemade of Computest
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine another application's memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2020-9797: an anonymous researcher
Kernel Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-9811: Tielei Wang of Pangu Lab CVE-2020-9812: Derrek (@derrekr6)
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. CVE-2020-9813: Xinru Chi of Pangu Lab CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved state management. CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to execute arbitrary shell commands Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation. CVE-2019-14868
NSURL Available for: macOS Mojave 10.14.6 Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation. CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to gain root privileges Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2020-9817: Andy Grant of NCC Group
PackageKit Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to modify protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2020-9851: Linus Henze (pinauten.de)
Python Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9793
Sandbox Available for: macOS Catalina 10.15.4 Impact: A malicious application may be able to bypass Privacy preferences Description: An access issue was addressed with additional sandbox restrictions. CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Security Available for: macOS Catalina 10.15.4 Impact: A file may be incorrectly rendered to execute JavaScript Description: A validation issue was addressed with improved input sanitization. CVE-2020-9788: Wojciech Reguła of SecuRing (https://wojciechregula.blog)
SIP Available for: macOS Catalina 10.15.4 Impact: A non-privileged user may be able to modify restricted network settings Description: A logic issue was addressed with improved restrictions. CVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security
SQLite Available for: macOS Catalina 10.15.4 Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9794
System Preferences Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to gain elevated privileges Description: A race condition was addressed with improved state handling. CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio Available for: macOS Catalina 10.15.4 Impact: A USB device may be able to cause a denial of service Description: A validation issue was addressed with improved input sanitization. CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi Available for: macOS Catalina 10.15.4 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A double free issue was addressed with improved memory management. CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9832: Yu Wang of Didi Research America
WindowServer Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: An integer overflow was addressed through improved input validation. CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
zsh Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4 Impact: A local attacker may be able to elevate their privileges Description: An authorization issue was addressed with improved state management. CVE-2019-20044: Sam Foxman
Additional recognition
CoreBluetooth We would like to acknowledge Maximilian von Tschitschnitz of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.
CoreText We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.
Endpoint Security We would like to acknowledge an anonymous researcher for their assistance.
ImageIO We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily We would like to acknowledge Andy Davis of NCC Group for their assistance.
IPSec We would like to acknowledge Thijs Alkemade of Computest for their assistance.
Login Window We would like to acknowledge Jon Morby and an anonymous researcher for their assistance.
Sandbox We would like to acknowledge Jason L Lang of Optum for their assistance.
Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Installation note:
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD ZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO MaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS wHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm VNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD BEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f EEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt 8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7 bKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ JLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe pW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal sLrLBIOxQCTskSFoExP8 =2eah -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: zsh security update Advisory ID: RHSA-2020:0853-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0853 Issue date: 2020-03-17 CVE Names: CVE-2019-20044 =====================================================================
- Summary:
An update for zsh is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.
Security Fix(es):
- zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: zsh-5.0.2-34.el7_7.2.src.rpm
x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: zsh-5.0.2-34.el7_7.2.src.rpm
x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: zsh-5.0.2-34.el7_7.2.src.rpm
ppc64: zsh-5.0.2-34.el7_7.2.ppc64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm
ppc64le: zsh-5.0.2-34.el7_7.2.ppc64le.rpm zsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm
s390x: zsh-5.0.2-34.el7_7.2.s390x.rpm zsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm
x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: zsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm zsh-html-5.0.2-34.el7_7.2.ppc64.rpm
ppc64le: zsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm zsh-html-5.0.2-34.el7_7.2.ppc64le.rpm
s390x: zsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm zsh-html-5.0.2-34.el7_7.2.s390x.rpm
x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: zsh-5.0.2-34.el7_7.2.src.rpm
x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-20044 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64
iQIcBAEDCAAGBQJezV7iAAoJEAc+Lhnt8tDNOiEP/10y27pTK/QbuSGW7HnZoJjg f2sHKU0JBCz7BjdgZHl6g+glsYPTojGGlIEa/r0ID9X74I41YS3cGvzmTQXcSdXV Xbs98UPjabCZOMiTW/LBxx25I78UptqhMhisrXnNXfu+lAYOxmJVQ0vbN9jd9za9 oKw1ydIi4aGfwPg8KOtMbxzE8wb8+SsRlHmXGh4qSmJ0o5BIvumdPMQRInM5Sdhp d/XWrgc7SPKervyfgvlylWE3KteDDSkk8d42wN4444pLQkVrKnaxGKHjWz01jcMF 1uB9ExsQbINGeR78wu8hD1wZke735shCwSyHHlSVf0iT/Ji3Zafy5dN79lMH5M8t x6ZmvDaPtNXGTaH41oTqsmyVoauy8ArWVMAuyi/ZdM6tM4J+7nEEAhrzvVOJ/0A2 nTdGZBDUeUmDLpcJwGw4h8MCYNqscHYNAPUJ2sLfyQhT6lC71yvJeKENwsK77hTC ZP+TFZbnbq7kETD/JknhGb8eC4DQ71NmlRNWpfKBId5bvXLRqiP/WHtwQk6XYCBN YNEOAUltQd4vKAI1ozjMh+RTI0EHNxTZCWJPawEkk2WhAytz+js+nJB4R9kp6N+k GghA5YOwLr/RveIzgm3fWEXOCR7b+7qxic+DPPULycnpdhDglbBWr4p8giQufnS2 2yHIY1iRg2jjw5hArbVE =9PNQ -----END PGP SIGNATURE-----
. 8) - aarch64, ppc64le, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.4.5"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "zsh",
"scope": "lt",
"trust": 1.0,
"vendor": "zsh",
"version": "5.8"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "13.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.2.5"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "zsh",
"scope": "eq",
"trust": 0.8,
"vendor": "zsh",
"version": "5.8"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:zsh:zsh",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
}
],
"trust": 0.6
},
"cve": "CVE-2019-20044",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-20044",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014656",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-152551",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-20044",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-20044",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014656",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-1097",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-152551",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-20044",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). Zsh Is vulnerable to improper checking of removed privileges.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An attacker can exploit this vulnerability to restore the original permissions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-55\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Zsh: Privilege escalation\n Date: March 25, 2020\n Bugs: #711136\n ID: 202003-55\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in Zsh might allow an attacker to escalate privileges. \n\nBackground\n==========\n\nA shell designed for interactive use, although it is also a powerful\nscripting language. \n\nImpact\n======\n\nAn attacker could escalate privileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Zsh users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-shells/zsh-5.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-20044\n https://nvd.nist.gov/vuln/detail/CVE-2019-20044\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-55\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5325-1\nMarch 14, 2022\n\nzsh vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Zsh. \n\nSoftware Description:\n- zsh: shell with lots of features\n\nDetails:\n\nSam Foxman discovered that Zsh incorrectly handled certain inputs. \n(CVE-2019-20044)\n\nIt was discovered that Zsh incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \n(CVE-2021-45444)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n zsh 5.8-6ubuntu0.1\n zsh-static 5.8-6ubuntu0.1\n\nUbuntu 20.04 LTS:\n zsh 5.8-3ubuntu1.1\n zsh-static 5.8-3ubuntu1.1\n\nUbuntu 18.04 LTS:\n zsh 5.4.2-3ubuntu3.2\n zsh-static 5.4.2-3ubuntu3.2\n\nUbuntu 16.04 ESM:\n zsh 5.1.1-1ubuntu2.3+esm1\n zsh-static 5.1.1-1ubuntu2.3+esm1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update\n2020-003 Mojave, Security Update 2020-003 High Sierra\n\nmacOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security\nUpdate 2020-003 High Sierra are now available and address the\nfollowing:\n\nAccounts\nAvailable for: macOS Catalina 10.15.4\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt\n\nAirDrop\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2020-9826: Dor Hadad of Palo Alto Networks\n\nAppleMobileFileIntegrity\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\nImpact: An application may be able to use arbitrary entitlements\nDescription: This issue was addressed with improved checks. \nCVE-2020-9842: Linus Henze (pinauten.de)\n\nAppleUSBNetworking\nAvailable for: macOS Catalina 10.15.4\nImpact: Inserting a USB device that sends invalid messages may cause\na kernel panic\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9804: Andy Davis of NCC Group\n\nAudio\nAvailable for: macOS Catalina 10.15.4\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nAudio\nAvailable for: macOS Catalina 10.15.4\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero\nDay Initiative\n\nBluetooth\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9831: Yu Wang of Didi Research America\n\nCalendar\nAvailable for: macOS Catalina 10.15.4\nImpact: Importing a maliciously crafted calendar invitation may\nexfiltrate user information\nDescription: This issue was addressed with improved checks. \nCVE-2020-3882: Andy Grant of NCC Group\n\nCVMS\nAvailable for: macOS Catalina 10.15.4\nImpact: An application may be able to gain elevated privileges\nDescription: This issue was addressed with improved checks. \nCVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nDiskArbitration\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team\n\nFind My\nAvailable for: macOS Catalina 10.15.4\nImpact: A local attacker may be able to elevate their privileges\nDescription: A validation issue existed in the handling of symlinks. \nThis issue was addressed with improved validation of symlinks. \nCVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team\n\nFontParser\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Catalina 10.15.4\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-3878: Samuel Gro\u00df of Google Project Zero\n\nImageIO\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9789: Wenchao Li of VARAS@IIE\nCVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab\n\nIntel Graphics Driver\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-9822: ABC Research s.r.o\n\nIPSec\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4\nImpact: A remote attacker may be able to leak memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9837: Thijs Alkemade of Computest\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to determine another\napplication\u0027s memory layout\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2020-9797: an anonymous researcher\n\nKernel\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A local user may be able to read kernel memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9811: Tielei Wang of Pangu Lab\nCVE-2020-9812: Derrek (@derrekr6)\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A logic issue existed resulting in memory corruption. \nThis was addressed with improved state management. \nCVE-2020-9813: Xinru Chi of Pangu Lab\nCVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab\n\nKernel\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-9809: Benjamin Randazzo (@____benjamin)\n\nksh\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: An issue existed in the handling of environment\nvariables. This issue was addressed with improved validation. \nCVE-2019-14868\n\nNSURL\nAvailable for: macOS Mojave 10.14.6\nImpact: A malicious website may be able to exfiltrate autofilled data\nin Safari\nDescription: An issue existed in the parsing of URLs. This issue was\naddressed with improved input validation. \nCVE-2020-9857: Dlive of Tencent Security Xuanwu Lab\n\nPackageKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to gain root privileges\nDescription: A permissions issue existed. This issue was addressed\nwith improved permission validation. \nCVE-2020-9817: Andy Grant of NCC Group\n\nPackageKit\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2020-9851: Linus Henze (pinauten.de)\n\nPython\nAvailable for: macOS Catalina 10.15.4\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-9793\n\nSandbox\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)\n\nSecurity\nAvailable for: macOS Catalina 10.15.4\nImpact: A file may be incorrectly rendered to execute JavaScript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9788: Wojciech Regu\u0142a of SecuRing\n(https://wojciechregula.blog)\n\nSIP\nAvailable for: macOS Catalina 10.15.4\nImpact: A non-privileged user may be able to modify restricted\nnetwork settings\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2020-9824: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSQLite\nAvailable for: macOS Catalina 10.15.4\nImpact: A malicious application may cause a denial of service or\npotentially disclose memory contents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2020-9794\n\nSystem Preferences\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to gain elevated privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of\n@SSLab_Gatech working with Trend Micro\u2019s Zero Day Initiative\n\nUSB Audio\nAvailable for: macOS Catalina 10.15.4\nImpact: A USB device may be able to cause a denial of service\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2020-9792: Andy Davis of NCC Group\n\nWi-Fi\nAvailable for: macOS Catalina 10.15.4\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2020-9844: Ian Beer of Google Project Zero\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2020-9830: Tielei Wang of Pangu Lab\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2020-9834: Yu Wang of Didi Research America\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2020-9833: Yu Wang of Didi Research America\n\nWi-Fi\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-9832: Yu Wang of Didi Research America\n\nWindowServer\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nzsh\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS\nCatalina 10.15.4\nImpact: A local attacker may be able to elevate their privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2019-20044: Sam Foxman\n\nAdditional recognition\n\nCoreBluetooth\nWe would like to acknowledge Maximilian von Tschitschnitz of\nTechnical University Munich and Ludwig Peuckert of Technical\nUniversity Munich for their assistance. \n\nCoreText\nWe would like to acknowledge Jiska Classen (@naehrdine) and Dennis\nHeinze (@ttdennis) of Secure Mobile Networking Lab for their\nassistance. \n\nEndpoint Security\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nImageIO\nWe would like to acknowledge Lei Sun for their assistance. \n\nIOHIDFamily\nWe would like to acknowledge Andy Davis of NCC Group for their\nassistance. \n\nIPSec\nWe would like to acknowledge Thijs Alkemade of Computest for their\nassistance. \n\nLogin Window\nWe would like to acknowledge Jon Morby and an anonymous researcher\nfor their assistance. \n\nSandbox\nWe would like to acknowledge Jason L Lang of Optum for their\nassistance. \n\nSpotlight\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nInstallation note:\n\nmacOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security\nUpdate 2020-003 High Sierra may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezZcfAAoJEAc+Lhnt8tDNIQYP/0YN+/T85WC7RJjAlRrUDduD\nZO0e76d2C1jNgZWsYmXnrEPwfRYAEPLcKgb/SxAlwlRNFqex9CNu2sD1aA3GZBIO\nMaektARuncqh06rl8BjbakS4HQs675vUEjoJS9H2d0pq2dSEIjOtH1agJwtGIeNS\nwHBFlUnQzI42hurYeq7fxRdiByf+Z3mKEBt6wlVtaWjqcMfG9sroj9H58RLiqSNm\nVNfU4eZNPrG49kbTf4IC2JvvKg18hrUZqIcjbV/56+kPBl4+USIxh/5ECJHV/cDD\nBEe64M2I1LiY0lq6neoOeHvBiiIvUq9EUW2PBnfcbo3V1D35mm6td+WnO3Buqo6f\nEEkjfIwtq7fI10ZPYYjiUayrQyfqmM3x14JcxDsHzlerT6NNRTg3g2ls0seQK9Lt\n8IDbkrseOR0JFukR1njC+cAk4RbDFue5cUJK6Js1nGvFwLN0kHFIhh9jFKgccgH7\nbKSLDAdB+kSxBOshDDmYyNS+KRzXEWIsBU8ZbNAbRDANWqm4lcPffKWcG7zIdiMQ\nJLUclRURf35AoFmJ0F1BZSRzFuHr1Dvh23SjNK7H9i/mD05+rY6esh5ZKco+6Yqe\npW/EOXEAs/J06xUytABH3SkFmQSzlIPuFrXa8qAskHhFp/E8yLehyefoY+AZJjal\nsLrLBIOxQCTskSFoExP8\n=2eah\n-----END PGP SIGNATURE-----\n\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: zsh security update\nAdvisory ID: RHSA-2020:0853-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:0853\nIssue date: 2020-03-17\nCVE Names: CVE-2019-20044 \n=====================================================================\n\n1. Summary:\n\nAn update for zsh is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe zsh shell is a command interpreter usable as an interactive login shell\nand as a shell script command processor. Zsh resembles the ksh shell (the\nKorn shell), but includes many enhancements. Zsh supports command-line\nediting, built-in spelling correction, programmable command completion,\nshell functions (with autoloading), a history mechanism, and more. \n\nSecurity Fix(es):\n\n* zsh: insecure dropping of privileges when unsetting PRIVILEGED option\n(CVE-2019-20044)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nzsh-5.0.2-34.el7_7.2.src.rpm\n\nx86_64:\nzsh-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-html-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nzsh-5.0.2-34.el7_7.2.src.rpm\n\nx86_64:\nzsh-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-html-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nzsh-5.0.2-34.el7_7.2.src.rpm\n\nppc64:\nzsh-5.0.2-34.el7_7.2.ppc64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm\n\nppc64le:\nzsh-5.0.2-34.el7_7.2.ppc64le.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm\n\ns390x:\nzsh-5.0.2-34.el7_7.2.s390x.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm\n\nx86_64:\nzsh-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nzsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm\nzsh-html-5.0.2-34.el7_7.2.ppc64.rpm\n\nppc64le:\nzsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm\nzsh-html-5.0.2-34.el7_7.2.ppc64le.rpm\n\ns390x:\nzsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm\nzsh-html-5.0.2-34.el7_7.2.s390x.rpm\n\nx86_64:\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-html-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nzsh-5.0.2-34.el7_7.2.src.rpm\n\nx86_64:\nzsh-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nzsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm\nzsh-html-5.0.2-34.el7_7.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-20044\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n-----BEGIN PGP SIGNATURE-----\nVersion: BCPG v1.64\n\niQIcBAEDCAAGBQJezV7iAAoJEAc+Lhnt8tDNOiEP/10y27pTK/QbuSGW7HnZoJjg\nf2sHKU0JBCz7BjdgZHl6g+glsYPTojGGlIEa/r0ID9X74I41YS3cGvzmTQXcSdXV\nXbs98UPjabCZOMiTW/LBxx25I78UptqhMhisrXnNXfu+lAYOxmJVQ0vbN9jd9za9\noKw1ydIi4aGfwPg8KOtMbxzE8wb8+SsRlHmXGh4qSmJ0o5BIvumdPMQRInM5Sdhp\nd/XWrgc7SPKervyfgvlylWE3KteDDSkk8d42wN4444pLQkVrKnaxGKHjWz01jcMF\n1uB9ExsQbINGeR78wu8hD1wZke735shCwSyHHlSVf0iT/Ji3Zafy5dN79lMH5M8t\nx6ZmvDaPtNXGTaH41oTqsmyVoauy8ArWVMAuyi/ZdM6tM4J+7nEEAhrzvVOJ/0A2\nnTdGZBDUeUmDLpcJwGw4h8MCYNqscHYNAPUJ2sLfyQhT6lC71yvJeKENwsK77hTC\nZP+TFZbnbq7kETD/JknhGb8eC4DQ71NmlRNWpfKBId5bvXLRqiP/WHtwQk6XYCBN\nYNEOAUltQd4vKAI1ozjMh+RTI0EHNxTZCWJPawEkk2WhAytz+js+nJB4R9kp6N+k\nGghA5YOwLr/RveIzgm3fWEXOCR7b+7qxic+DPPULycnpdhDglbBWr4p8giQufnS2\n2yHIY1iRg2jjw5hArbVE\n=9PNQ\n-----END PGP SIGNATURE-----\n\n\n\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "PACKETSTORM",
"id": "156919"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "156924"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "157877"
},
{
"db": "PACKETSTORM",
"id": "156794"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "156818"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-20044",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "156818",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156924",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166306",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157883",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156805",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0988",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0973",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1081",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1105",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4265",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0952",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1072",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1861",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0769",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031621",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156794",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "156919",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "157879",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "157874",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-50123",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-152551",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-20044",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157877",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "PACKETSTORM",
"id": "156919"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "156924"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "157877"
},
{
"db": "PACKETSTORM",
"id": "156794"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "156818"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"id": "VAR-202002-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:26:07.642000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://zsh.sourceforge.net/releases.html"
},
{
"title": "zsh-announce",
"trust": 0.8,
"url": "https://www.zsh.org/mla/zsh-announce/141"
},
{
"title": "Zsh Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110771"
},
{
"title": "Red Hat: Important: zsh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200853 - Security Advisory"
},
{
"title": "Red Hat: Important: zsh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200978 - Security Advisory"
},
{
"title": "Red Hat: Important: zsh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200903 - Security Advisory"
},
{
"title": "Red Hat: Important: zsh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200892 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: zsh: CVE-2019-20044: insecure dropping of privileges when unsetting PRIVILEGED option",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=65aa69745a1e62fea4c4cd467d3f7c8a"
},
{
"title": "Ubuntu Security Notice: USN-5325-1: Zsh vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5325-1"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1439",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1439"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/MRXXII/zsh "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-273",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.apple.com/kb/ht211168"
},
{
"trust": 2.4,
"url": "https://support.apple.com/kb/ht211170"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20044"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202003-55"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211168"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211170"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211171"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht211175"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht211171"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht211175"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/may/49"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/may/53"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/may/59"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2020/may/55"
},
{
"trust": 1.8,
"url": "http://zsh.sourceforge.net/releases.html"
},
{
"trust": 1.8,
"url": "https://github.com/xmb5/zsh-privileged-upgrade"
},
{
"trust": 1.8,
"url": "https://www.zsh.org/mla/zsh-announce/141"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pn5v7mphrrp7qnhoek56s7qgru53wun6/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fp64ffizi2ckqoeaoi5a72pvqule7zzc/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fp64ffizi2ckqoeaoi5a72pvqule7zzc/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pn5v7mphrrp7qnhoek56s7qgru53wun6/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20044"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156924/red-hat-security-advisory-2020-0978-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1861/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/zsh-privilege-escalation-via-zmodload-31713"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0769/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0988/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1072"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156805/red-hat-security-advisory-2020-0892-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4265/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0973/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0952/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht211170"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156818/red-hat-security-advisory-2020-0903-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1081/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166306/ubuntu-security-notice-usn-5325-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157883/apple-security-advisory-2020-05-26-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1105"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031621"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9809"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9813"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9795"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9814"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9811"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9797"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9791"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9808"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9821"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9816"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9789"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3878"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9815"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9793"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9794"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9812"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20044"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:0853"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5325-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9807"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9806"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9802"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20503"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/273.html"
},
{
"trust": 0.1,
"url": "https://github.com/mrxxii/zsh"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2020-1439.html"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9837"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.4.2-3ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.8-3ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/zsh/5.8-6ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9804"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14868"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9792"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9825"
},
{
"trust": 0.1,
"url": "https://wojciechregula.blog)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9819"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0903"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "PACKETSTORM",
"id": "156919"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "156924"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "157877"
},
{
"db": "PACKETSTORM",
"id": "156794"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "156818"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-152551"
},
{
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"db": "PACKETSTORM",
"id": "156919"
},
{
"db": "PACKETSTORM",
"id": "157883"
},
{
"db": "PACKETSTORM",
"id": "156924"
},
{
"db": "PACKETSTORM",
"id": "166306"
},
{
"db": "PACKETSTORM",
"id": "157877"
},
{
"db": "PACKETSTORM",
"id": "156794"
},
{
"db": "PACKETSTORM",
"id": "157879"
},
{
"db": "PACKETSTORM",
"id": "156818"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-152551"
},
{
"date": "2020-02-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"date": "2020-03-26T14:45:59",
"db": "PACKETSTORM",
"id": "156919"
},
{
"date": "2020-05-29T19:07:47",
"db": "PACKETSTORM",
"id": "157883"
},
{
"date": "2020-03-26T14:48:50",
"db": "PACKETSTORM",
"id": "156924"
},
{
"date": "2022-03-14T19:00:12",
"db": "PACKETSTORM",
"id": "166306"
},
{
"date": "2020-05-29T19:04:22",
"db": "PACKETSTORM",
"id": "157877"
},
{
"date": "2020-03-18T15:00:12",
"db": "PACKETSTORM",
"id": "156794"
},
{
"date": "2020-05-29T19:05:25",
"db": "PACKETSTORM",
"id": "157879"
},
{
"date": "2020-03-19T15:22:41",
"db": "PACKETSTORM",
"id": "156818"
},
{
"date": "2020-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"date": "2020-02-24T14:15:11.667000",
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-152551"
},
{
"date": "2023-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-20044"
},
{
"date": "2020-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014656"
},
{
"date": "2022-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-1097"
},
{
"date": "2024-11-21T04:37:56.997000",
"db": "NVD",
"id": "CVE-2019-20044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zsh Vulnerability in improper checking for deleted privileges in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-1097"
}
],
"trust": 0.6
}
}