CVE-2018-13259

Published: 05 September 2018

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
Upstream
Released (5.6-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (5.4.2-3ubuntu3.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (5.1.1-1ubuntu2.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [5.0.2-3ubuntu6.3])
Patches:
Other: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d