ALAS2-2018-1013 --- zsh
ID: oval:org.secpod.oval:def:1700036 | Date: (C)2018-05-11 (M)2023-12-20 |
Class: PATCH | Family: unix |
1553531: Stack-based buffer overflow in exec.c:hashcmd
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service.

Stack-based buffer overflow in gen_matches_files at compctl.c
A buffer overflow flaw was found in the zsh shell auto-complete functionality. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the aforementioned path. If the affected user is privileged, this leads to privilege escalation.

Buffer overflow in utils.c:checkmailpath can lead to local arbitrary code execution
A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the affected user is privileged, this leads to privilege escalation.