Your submission was sent successfully! Close

CVE-2018-7548

Published: 27 February 2018

In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
artful
Released (5.2-5ubuntu1.1)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102