from 0, < 5.6-1
CRITICAL9.8CVE-2018-0502An issue was discovered in zsh before 5.6. from 0, < 5.6-1
CRITICAL9.8CVE-2018-7548In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. from 0, < 5.5-1
CRITICAL9.8zsh - security update
from 0, < 5.3.1-4+deb9u1
CRITICAL9.8zsh - security update
from 0, < 5.4.1-1
CRITICAL9.8In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
from 0, < 5.3-1
CRITICAL9.8In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
from 0, < 5.0.6-1
CRITICAL9.8In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
from 0, < 5.0.7-3
HIGH8.1In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command…
from 0, < 5.4.1-1
HIGH7.8zsh - security update
from 0, < 5.7.1-1+deb10u1
HIGH7.8zsh - security update
from 0, < 5.8-6+deb11u1
HIGH7.8zsh - security update
from 0, < 5.3.1-4+deb9u5
HIGH7.8zsh - security update
from 0, < 5.0.7-5+deb8u1
HIGH7.8zsh - security update
from 0, < 5.8-1
HIGH7.8zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function.
from 0, < 5.5-1
HIGH7.8Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality.
from 0, < 5.4.2-4
HIGH7.8zsh - security update
from 0, < 5.0.7-3
HIGH7.8zsh - security update
from 0, < 4.3.17-1+deb7u1
HIGH7.5In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
from 0, < 5.5-1
MEDIUM5.5zsh - security update
from 0, < 4.3.17-1+deb7u2
MEDIUM5.5zsh - security update
from 0, < 5.4.2-4
—Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
from 0, < 4.3.4-dev-3-2