Download
| Alert*
|
CVE-2017-18205
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18206 In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. CVE-2018-7549 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. CVE-2018-7548 In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. |
