usn-3593-1
Vulnerability from osv_ubuntu
It was discovered that Zsh incorrectly handled certain enviroment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070)
It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071)
It was discovered that Zsh incorrectly handled some symbolic links. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10072)
It was discovered that Zsh incorrectly handled certain errors. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10714)
It was discovered that Zsh incorrectly handled certain commands. An attacker could possibly use this to execute arbitrary code. (CVE-2017-18205)
It was discovered that Zsh incorrectly handled certain symlinks. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206)
It was discovered that Zsh incorrectly handled certain inputs. An attacker could possible use to execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2018-7548)
It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-7549)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2014-10070",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-10071",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2014-10072",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2016-10714",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-18205",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-7549",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "zsh",
"binary_version": "5.0.2-3ubuntu6.1"
},
{
"binary_name": "zsh-beta",
"binary_version": "5.0.2-3ubuntu6.1"
},
{
"binary_name": "zsh-common",
"binary_version": "5.0.2-3ubuntu6.1"
},
{
"binary_name": "zsh-static",
"binary_version": "5.0.2-3ubuntu6.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "zsh",
"purl": "pkg:deb/ubuntu/zsh@5.0.2-3ubuntu6.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.2-3ubuntu6.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.0.2-3ubuntu6"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2016-10714",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-18205",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2017-18206",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2018-7549",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "zsh",
"binary_version": "5.1.1-1ubuntu2.1"
},
{
"binary_name": "zsh-common",
"binary_version": "5.1.1-1ubuntu2.1"
},
{
"binary_name": "zsh-static",
"binary_version": "5.1.1-1ubuntu2.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "zsh",
"purl": "pkg:deb/ubuntu/zsh@5.1.1-1ubuntu2.1?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.1-1ubuntu2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.1-1ubuntu1",
"5.1.1-1ubuntu2"
]
}
],
"aliases": [],
"details": "It was discovered that Zsh incorrectly handled certain enviroment variables.\nAn attacker could possibly use this issue to gain privileged access to the\nsystem. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070)\n\nIt was discovered that Zsh incorrectly handled certain inputs.\nAn attacker could possibly use this to execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS. (CVE-2014-10071)\n\nIt was discovered that Zsh incorrectly handled some symbolic links.\nAn attacker could possibly use this to execute arbitrary code. This issue\nonly affected Ubuntu 14.04 LTS. (CVE-2014-10072)\n\nIt was discovered that Zsh incorrectly handled certain errors. An attacker\ncould possibly use this issue to cause a denial of service. (CVE-2016-10714)\n\nIt was discovered that Zsh incorrectly handled certain commands. An attacker\ncould possibly use this to execute arbitrary code. (CVE-2017-18205)\n\nIt was discovered that Zsh incorrectly handled certain symlinks. An attacker\ncould possibly use this to execute arbitrary code. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206)\n\nIt was discovered that Zsh incorrectly handled certain inputs. An attacker could\npossible use to execute arbitrary code. This issue only affected Ubuntu 17.10.\n(CVE-2018-7548)\n\nIt was discovered that Zsh incorrectly handled certain inputs. An attacker\ncould possibly use this to cause a denial of service. (CVE-2018-7549)\n",
"id": "USN-3593-1",
"modified": "2026-04-22T07:36:35Z",
"published": "2018-03-08T14:27:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3593-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-10070"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-10071"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-10072"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10714"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-18205"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-18206"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-7548"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-7549"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "zsh vulnerabilities",
"upstream": [
"UBUNTU-CVE-2014-10070",
"UBUNTU-CVE-2014-10071",
"UBUNTU-CVE-2014-10072",
"UBUNTU-CVE-2016-10714",
"UBUNTU-CVE-2017-18205",
"UBUNTU-CVE-2017-18206",
"UBUNTU-CVE-2018-7548",
"UBUNTU-CVE-2018-7549"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.