CVE-2018-7548

Published: 27 February 2018

In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.

Priority

CVSS 3 base score: 9.8

Status

Package	Release	Status
zsh Launchpad, Ubuntu, Debian	artful	Released (5.2-5ubuntu1.1)
	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [code not present])
	upstream	Needs triage
	xenial	Not vulnerable (code not present)

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.