CVE-2018-1083

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

References

Affected packages

Git / github.com/zsh-users/zsh

Affected ranges

Type

GIT

Repo

https://github.com/zsh-users/zsh

Events

Introduced

Last affected

dc475bfa0ec6cd03789dde3bf28f71e0ea9d5003

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.4.1"
        }
    ]
}

Affected versions

5.*

5.1.1-test-2

5.3.1-test-2

5.4

5.4.1

Other

dot-zsh-199904280524

dot-zsh-199905041932

dot-zsh-199905171944

dot-zsh-199906060520

dot-zsh-199907031715

dot-zsh-199907241534

dot-zsh-199908011751

dot-zsh-last-snapshot-

post-opt-arg

pre-func-move

pre-opt-arg

dot-zsh-3.*

dot-zsh-3.1.5-pws-14-199904280524

dot-zsh-3.1.5-pws-15-last-snapshot-

dot-zsh-3.1.5-pws-17-199905271502

dot-zsh-3.1.5-pws-19-199905271502

dot-zsh-3.1.5-pws-19-199907031636

zsg-4.*

zsg-4.1.1-test-2

zsh-3.*

zsh-3.1.5

zsh-3.1.5-pws-1

zsh-3.1.5-pws-10

zsh-3.1.5-pws-11

zsh-3.1.5-pws-12

zsh-3.1.5-pws-13

zsh-3.1.5-pws-14

zsh-3.1.5-pws-16-w6109

zsh-3.1.5-pws-16-w6117

zsh-3.1.5-pws-16-w6119

zsh-3.1.5-pws-16-w6133

zsh-3.1.5-pws-2

zsh-3.1.5-pws-21

zsh-3.1.5-pws-22

zsh-3.1.5-pws-23

zsh-3.1.5-pws-24

zsh-3.1.5-pws-3

zsh-3.1.5-pws-4

zsh-3.1.5-pws-5

zsh-3.1.5-pws-6

zsh-3.1.5-pws-7

zsh-3.1.5-pws-8

zsh-3.1.5-pws-9

zsh-3.1.6

zsh-3.1.6-bart-7

zsh-3.1.6-bart-7-2

zsh-3.1.6-bart-8

zsh-3.1.6-dev-14

zsh-3.1.6-dev-15

zsh-3.1.6-dev-16

zsh-3.1.6-dev-17

zsh-3.1.6-dev-18

zsh-3.1.6-dev-19

zsh-3.1.6-dev-20

zsh-3.1.6-dev-21

zsh-3.1.6-dev-22

zsh-3.1.6-pws-1

zsh-3.1.6-pws-10

zsh-3.1.6-pws-11

zsh-3.1.6-pws-12

zsh-3.1.6-pws-13

zsh-3.1.6-pws-2

zsh-3.1.6-pws-3

zsh-3.1.6-pws-4

zsh-3.1.6-pws-5

zsh-3.1.6-pws-9

zsh-3.1.6-test-1

zsh-3.1.6-test-2

zsh-3.1.7

zsh-3.1.7-pre-2

zsh-3.1.7-pre-3

zsh-3.1.7-pre-4

zsh-3.1.7-prep-1

zsh-3.1.8

zsh-3.1.9

zsh-3.1.9-dev-1

zsh-3.1.9-dev-2

zsh-3.1.9-dev-3

zsh-3.1.9-dev-4

zsh-3.1.9-dev-5

zsh-3.1.9-dev-6

zsh-3.1.9-dev-7

zsh-3.1.9-dev-8

zsh-4.*

zsh-4.0.1

zsh-4.0.1-pre-1

zsh-4.0.1-pre-3

zsh-4.0.1-pre-4

zsh-4.0.1-pre-5

zsh-4.0.2

zsh-4.0.2-pre-2

zsh-4.0.3

zsh-4.0.4

zsh-4.0.5

zsh-4.0.6

zsh-4.0.7

zsh-4.0.8

zsh-4.0.9

zsh-4.1.0-dev-1

zsh-4.1.0-dev-2

zsh-4.1.0-dev-3

zsh-4.1.0-dev-4

zsh-4.1.0-dev-5

zsh-4.1.0-dev-7

zsh-4.1.1

zsh-4.1.1-test-1

zsh-4.1.1-test-3

zsh-4.2.0

zsh-4.2.0-pre-1

zsh-4.2.0-pre-2

zsh-4.2.0-pre-3

zsh-4.2.0-pre-4

zsh-4.2.1

zsh-4.2.1-test-A

zsh-4.2.2

zsh-4.2.3

zsh-4.2.4

zsh-4.2.5

zsh-4.2.6

zsh-4.2.6-dev-2

zsh-4.3.0-dev-3

zsh-4.3.0-dev-4

zsh-4.3.0-dev-5

zsh-4.3.1

zsh-4.3.10

zsh-4.3.10-dev-2

zsh-4.3.10-test-3

zsh-4.3.11

zsh-4.3.11-dev-4

zsh-4.3.12

zsh-4.3.12-test-3

zsh-4.3.13

zsh-4.3.14

zsh-4.3.15

zsh-4.3.16

zsh-4.3.17

zsh-4.3.17-test-2

zsh-4.3.2

zsh-4.3.3

zsh-4.3.4

zsh-4.3.4-dev-2

zsh-4.3.4-dev-4

zsh-4.3.4-dev-5

zsh-4.3.4-dev-6

zsh-4.3.4-dev-7

zsh-4.3.4-dev-8

zsh-4.3.5

zsh-4.3.5-dev-1

zsh-4.3.5-dev-2

zsh-4.3.5-dev-3

zsh-4.3.5-dev-4

zsh-4.3.6

zsh-4.3.6-dev-1

zsh-4.3.6-dev-2

zsh-4.3.7

zsh-4.3.8

zsh-4.3.9

zsh-4.3.9-dev-3

zsh-4.3.9-dev-5

zsh-5.*

zsh-5.0.0

zsh-5.0.0-test-1

zsh-5.0.1

zsh-5.0.2

zsh-5.0.2-test-1

zsh-5.0.2-test-2

zsh-5.0.2-test-3

zsh-5.0.3

zsh-5.0.3-test-1

zsh-5.0.3-test-2

zsh-5.0.4

zsh-5.0.5

zsh-5.0.5-dev-1

zsh-5.0.5-dev-2

zsh-5.0.5-dev-3

zsh-5.0.6

zsh-5.0.6-dev-1

zsh-5.0.7

zsh-5.0.7-dev-2

zsh-5.0.7-dev-4

zsh-5.0.8

zsh-5.0.8-test-2

zsh-5.0.8-test-3

zsh-5.1

zsh-5.1-test-1

zsh-5.1.1

zsh-5.1.1-test-1

zsh-5.1.1-test-2

zsh-5.1.1-test-3

zsh-5.2

zsh-5.2-test-1

zsh-5.2-test-2

zsh-5.2-test-3

zsh-5.3

zsh-5.3.1

zsh-5.4

zsh-5.4.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1083.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "17.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    }
]