ALAS2-2018-986 --- zshID: oval:org.secpod.oval:def:1700019 | Date: (C)2018-04-09 (M)2023-12-20 |
Class: PATCH | Family: unix |
NULL dereference in cd in sh compatibility mode under given circumstancesIn builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. Null-pointer deref when using ${...} on an empty array result:In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${...} on an empty array result. Buffer overrun in xsymlinksIn utils.c in zsh before 5.4, symlink expansion had a buffer overflow. Crash on copying empty hash tableIn params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p