CVE-2018-1071

Published: 09 March 2018

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (5.1.1-1ubuntu2.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [5.0.2-3ubuntu6.2])