Your submission was sent successfully! Close

CVE-2021-45444

Published: 14 February 2022

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

Notes

AuthorNote
rodrigo-zaiden
The commits fdb8b0ce and bdc4d70a are related to a partial
commit that can be used in case an user can't update to a
patched version that contains c187154f commit.
Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
zsh
Launchpad, Ubuntu, Debian
bionic
Released (5.4.2-3ubuntu3.2)
focal
Released (5.8-3ubuntu1.1)
impish
Released (5.8-6ubuntu0.1)
jammy Needs triage

trusty Ignored
(out of standard support)
upstream
Released (5.8.1-1)
xenial
Released (5.1.1-1ubuntu2.3+esm1)
Patches:
upstream: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/