Your submission was sent successfully! Close

CVE-2018-1071

Published: 9 March 2018

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
artful
Released (5.2-5ubuntu1.2)
precise Does not exist

trusty Does not exist
(trusty was released [5.0.2-3ubuntu6.2])
upstream Needs triage

xenial
Released (5.1.1-1ubuntu2.2)