CVE-2018-1083

Priority
Medium
Description
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the
shell autocomplete functionality. A local unprivileged user can create a
specially crafted directory path which leads to code execution in the
context of the user who tries to use autocomplete to traverse the before
mentioned path. If the user affected is privileged, this leads to privilege
escalation.
References
Bugs
Assigned-to
leosilva
Package
Source: zsh (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (5.0.2-3ubuntu6.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (5.1.1-1ubuntu2.2)
Ubuntu 17.10 (Artful Aardvark):released (5.2-5ubuntu1.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.4.2-3ubuntu3)
More Information

Updated: 2018-06-26 05:03:00 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)