CVE-2018-0502

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

References

Affected packages

Git / github.com/zsh-users/zsh

Affected ranges

Type

GIT

Repo

https://github.com/zsh-users/zsh

Events

Introduced

Fixed

b30b89418af2495c0d48a72573f908c4ecf05efd

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.6"
        }
    ]
}

Affected versions

5.*

5.1.1-test-2

5.3.1-test-2

5.4

5.4.1

Other

post-opt-arg

pre-func-move

pre-opt-arg

zsg-4.*

zsg-4.1.1-test-2

zsh-3.*

zsh-3.1.6-dev-21

zsh-3.1.6-dev-22

zsh-3.1.7

zsh-3.1.7-pre-2

zsh-3.1.7-pre-3

zsh-3.1.7-pre-4

zsh-3.1.7-prep-1

zsh-3.1.8

zsh-3.1.9

zsh-3.1.9-dev-1

zsh-3.1.9-dev-2

zsh-3.1.9-dev-3

zsh-3.1.9-dev-4

zsh-3.1.9-dev-5

zsh-3.1.9-dev-6

zsh-3.1.9-dev-7

zsh-3.1.9-dev-8

zsh-4.*

zsh-4.0.1

zsh-4.0.1-pre-1

zsh-4.0.1-pre-3

zsh-4.0.1-pre-4

zsh-4.0.1-pre-5

zsh-4.0.2-pre-2

zsh-4.1.0-dev-1

zsh-4.1.0-dev-2

zsh-4.1.0-dev-3

zsh-4.1.0-dev-4

zsh-4.1.0-dev-5

zsh-4.1.0-dev-7

zsh-4.1.1

zsh-4.1.1-test-1

zsh-4.1.1-test-3

zsh-4.2.0

zsh-4.2.0-pre-1

zsh-4.2.0-pre-2

zsh-4.2.0-pre-3

zsh-4.2.0-pre-4

zsh-4.2.1

zsh-4.2.1-test-A

zsh-4.2.2

zsh-4.2.3

zsh-4.3.0-dev-3

zsh-4.3.0-dev-4

zsh-4.3.0-dev-5

zsh-4.3.1

zsh-4.3.10

zsh-4.3.10-dev-2

zsh-4.3.10-test-3

zsh-4.3.11

zsh-4.3.11-dev-4

zsh-4.3.12

zsh-4.3.12-test-3

zsh-4.3.13

zsh-4.3.14

zsh-4.3.15

zsh-4.3.16

zsh-4.3.17

zsh-4.3.17-test-2

zsh-4.3.2

zsh-4.3.3

zsh-4.3.4

zsh-4.3.4-dev-2

zsh-4.3.4-dev-4

zsh-4.3.4-dev-5

zsh-4.3.4-dev-6

zsh-4.3.4-dev-7

zsh-4.3.4-dev-8

zsh-4.3.5

zsh-4.3.5-dev-1

zsh-4.3.5-dev-2

zsh-4.3.5-dev-3

zsh-4.3.5-dev-4

zsh-4.3.6

zsh-4.3.6-dev-1

zsh-4.3.6-dev-2

zsh-4.3.7

zsh-4.3.8

zsh-4.3.9

zsh-4.3.9-dev-3

zsh-4.3.9-dev-5

zsh-5.*

zsh-5.0.0

zsh-5.0.0-test-1

zsh-5.0.1

zsh-5.0.2

zsh-5.0.2-test-1

zsh-5.0.2-test-2

zsh-5.0.2-test-3

zsh-5.0.3

zsh-5.0.3-test-1

zsh-5.0.3-test-2

zsh-5.0.4

zsh-5.0.5

zsh-5.0.5-dev-1

zsh-5.0.5-dev-2

zsh-5.0.5-dev-3

zsh-5.0.6

zsh-5.0.6-dev-1

zsh-5.0.7

zsh-5.0.7-dev-2

zsh-5.0.7-dev-4

zsh-5.0.8

zsh-5.0.8-test-2

zsh-5.0.8-test-3

zsh-5.1

zsh-5.1-test-1

zsh-5.1.1

zsh-5.1.1-test-1

zsh-5.1.1-test-2

zsh-5.1.1-test-3

zsh-5.2

zsh-5.2-test-1

zsh-5.2-test-2

zsh-5.2-test-3

zsh-5.3

zsh-5.3.1

zsh-5.4

zsh-5.4.1

zsh-5.4.2

zsh-5.4.2-test-1

zsh-5.4.2-test-2

zsh-5.5

zsh-5.5.1

zsh-5.5.1-test-1

zsh-5.5.1-test-2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-0502.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    }
]