Your submission was sent successfully! Close

CVE-2018-1071

Published: 9 March 2018

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian 		artful
Released (5.2-5ubuntu1.2)
precise Does not exist

trusty Does not exist
(trusty was released [5.0.2-3ubuntu6.2])
upstream Needs triage

xenial
Released (5.1.1-1ubuntu2.2)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading