OESA-2022-2094

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-2094

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2022-2094.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2022-2094

Upstream

CVE-2021-45444

Published

2022-11-11T11:04:36Z

Modified

2025-09-03T06:17:44.772176Z

Summary

zsh security update

Details

The zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension without running an external program, share command history with any shell, and more.

Security Fix(es):

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.(CVE-2021-45444)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS / zsh

Package

Name: zsh
Purl: pkg:rpm/openEuler/zsh&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.8-3.oe2203

Ecosystem specific

{
    "noarch": [
        "zsh-help-5.8-3.oe2203.noarch.rpm"
    ],
    "aarch64": [
        "zsh-5.8-3.oe2203.aarch64.rpm",
        "zsh-debugsource-5.8-3.oe2203.aarch64.rpm",
        "zsh-debuginfo-5.8-3.oe2203.aarch64.rpm"
    ],
    "x86_64": [
        "zsh-5.8-3.oe2203.x86_64.rpm",
        "zsh-debugsource-5.8-3.oe2203.x86_64.rpm",
        "zsh-debuginfo-5.8-3.oe2203.x86_64.rpm"
    ],
    "src": [
        "zsh-5.8-3.oe2203.src.rpm"
    ]
}