CVE-2018-7548
Published: 27 February 2018
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
Priority
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
zsh Launchpad, Ubuntu, Debian |
artful |
Released
(5.2-5ubuntu1.1)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102 |
||