CVE-2017-18205

Published: 27 February 2018

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (5.1.1-1ubuntu2.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [5.0.2-3ubuntu6.1])