Showing 1 - 3 of 3

CVE-2014-10072

Status Candidate

Overview

In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.

Red Hat Security Advisory 2018-3073-01: Posted Oct 31, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3073-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more. Issues addressed include buffer overflow and code execution vulnerabilities.; tags | advisory, overflow, shell, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2014-10071, CVE-2014-10072, CVE-2017-18205, CVE-2017-18206, CVE-2018-1071, CVE-2018-1083, CVE-2018-1100, CVE-2018-7549; SHA-256 | be3d8852b1af029a739b1086e6b911f73b5c55e8833f586363f67a4443883f35; Download | Favorite | View

Red Hat Security Advisory 2018-1932-01: Posted Jun 20, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-1932-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more. Issues addressed include buffer overflow and code execution vulnerabilities.; tags | advisory, overflow, shell, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2014-10072, CVE-2017-18206, CVE-2018-1083, CVE-2018-1100; SHA-256 | 6e92fa4a1f8faa6cbbfe11a277ce8dde91c2e66563b8ac7239e71ab8260f24ad; Download | Favorite | View

Ubuntu Security Notice USN-3593-1: Posted Mar 8, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3593-1 - It was discovered that Zsh incorrectly handled certain environment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2014-10070, CVE-2014-10071, CVE-2014-10072, CVE-2016-10714, CVE-2017-18205, CVE-2017-18206, CVE-2018-7548, CVE-2018-7549; SHA-256 | 84acebd4d29c3cd2686c174023ec9665be0db2b8567e0c54f82df6013a15303e; Download | Favorite | View

Page 1 of 1 Back 1 Next