Your submission was sent successfully! Close

CVE-2017-18205

Published: 27 February 2018

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
artful
Released (5.2-5ubuntu1.1)
precise Does not exist

trusty Does not exist
(trusty was released [5.0.2-3ubuntu6.1])
upstream Needs triage

xenial
Released (5.1.1-1ubuntu2.1)