ID CVE-2018-1100
Summary zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
References
Vulnerable Configurations
  • cpe:2.3:a:zsh:zsh:3.1.5:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-10:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-10:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-11:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-11:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-12:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-12:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-13:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-13:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-14:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-14:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-16-w6109:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-16-w6109:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-16-w6117:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-16-w6117:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-16-w6119:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-16-w6119:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-16-w6133:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-16-w6133:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-21:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-21:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-22:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-22:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-23:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-23:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-24:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-24:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-5:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-5:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-6:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-6:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-7:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-7:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-8:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-8:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.5:pws-9:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.5:pws-9:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:bart-7:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:bart-7:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:bart-7-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:bart-7-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:bart-8:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:bart-8:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-14:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-14:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-15:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-15:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-16:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-16:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-17:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-17:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-18:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-18:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-19:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-19:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-20:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-20:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-21:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-21:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:dev-22:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:dev-22:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-10:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-10:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-11:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-11:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-12:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-12:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-13:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-13:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-5:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-5:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:pws-9:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:pws-9:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.6:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.6:test-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.7:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.7:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.7:pre-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.7:pre-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.7:pre-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.7:pre-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.7:pre-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.7:pre-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.7:prep-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.7:prep-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:dev-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:dev-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:dev-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:dev-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:dev-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:dev-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:dev-5:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:dev-5:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:dev-6:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:dev-6:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:dev-7:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:dev-7:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:3.1.9:dev-8:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:3.1.9:dev-8:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.1:pre-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.1:pre-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.1:pre-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.1:pre-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.1:pre-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.1:pre-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.1:pre-5:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.1:pre-5:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.2:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.2:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.2:pre-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.2:pre-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.0:dev-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.0:dev-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.0:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.0:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.0:dev-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.0:dev-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.0:dev-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.0:dev-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.0:dev-5:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.0:dev-5:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.0:dev-7:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.0:dev-7:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.1:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.1:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.1.1:test-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.1.1:test-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.0:pre-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.0:pre-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.0:pre-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.0:pre-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.0:pre-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.0:pre-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.0:pre-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.0:pre-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.1:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.1:test-a:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.1:test-a:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.6:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.6:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.2.6:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.2.6:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.0:dev-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.0:dev-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.0:dev-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.0:dev-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.0:dev-5:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.0:dev-5:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.4:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.4:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.4:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.4:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.4:dev-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.4:dev-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.4:dev-5:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.4:dev-5:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.4:dev-6:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.4:dev-6:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.4:dev-7:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.4:dev-7:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.4:dev-8:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.4:dev-8:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.5:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.5:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.5:dev-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.5:dev-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.5:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.5:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.5:dev-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.5:dev-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.5:dev-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.5:dev-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.6:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.6:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.6:dev-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.6:dev-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.6:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.6:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.9:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.9:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.9:dev-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.9:dev-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.9:dev-5:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.9:dev-5:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.10:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.10:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.10:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.10:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.10:test-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.10:test-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.11:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.11:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.11:dev-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.11:dev-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.12:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.12:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.12:test-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.12:test-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.17:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.17:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:4.3.17:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:4.3.17:test-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.0:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.0:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.2:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.2:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.2:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.2:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.2:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.2:test-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.2:test-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.2:test-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.3:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.3:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.3:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.3:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.3:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.3:test-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.5:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.5:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.5:dev-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.5:dev-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.5:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.5:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.5:dev-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.5:dev-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.6:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.6:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.6:dev-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.6:dev-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.7:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.7:dev-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.7:dev-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.7:dev-4:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.7:dev-4:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.8:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.8:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.8:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.8:test-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.0.8:test-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.0.8:test-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.1:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.1:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.1:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.1.1:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.1.1:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.1.1:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.1.1:test-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.1.1:test-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.1.1:test-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.2:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.2:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.2:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.2:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.2:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.2:test-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.2:test-3:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.2:test-3:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.3:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.3.1:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.3.1:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.3.1:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.3.1:test-2:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.4:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.4.2:-:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.4.2:-:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.4.2:test-1:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.4.2:test-1:*:*:*:*:*:*
  • cpe:2.3:a:zsh:zsh:5.4.2:test-2:*:*:*:*:*:*
    cpe:2.3:a:zsh:zsh:5.4.2:test-2:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 01-12-2020 - 07:15)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 1563395
    title CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment zsh is earlier than 0:4.3.11-8.el6
            oval oval:com.redhat.rhsa:tst:20181932001
          • comment zsh is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181932002
        • AND
          • comment zsh-html is earlier than 0:4.3.11-8.el6
            oval oval:com.redhat.rhsa:tst:20181932003
          • comment zsh-html is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181932004
    rhsa
    id RHSA-2018:1932
    released 2018-06-19
    severity Moderate
    title RHSA-2018:1932: zsh security update (Moderate)
  • rhsa
    id RHSA-2018:3073
rpms
  • zsh-0:4.3.11-8.el6
  • zsh-debuginfo-0:4.3.11-8.el6
  • zsh-html-0:4.3.11-8.el6
  • zsh-0:5.0.2-31.el7
  • zsh-debuginfo-0:5.0.2-31.el7
  • zsh-html-0:5.0.2-31.el7
refmap via4
confirm
gentoo GLSA-201805-10
mlist [debian-lts-announce] 20201201 [SECURITY] [DLA 2470-1] zsh security update
ubuntu USN-3764-1
Last major update 01-12-2020 - 07:15
Published 11-04-2018 - 19:29
Last modified 01-12-2020 - 07:15
Back to Top