Your submission was sent successfully! Close

CVE-2018-13259

Published: 5 September 2018

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
bionic
Released (5.4.2-3ubuntu3.1)
precise Does not exist

trusty Does not exist
(trusty was released [5.0.2-3ubuntu6.3])
upstream
Released (5.6-1)
xenial
Released (5.1.1-1ubuntu2.3)
Patches:
other: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d