CVE-2018-1083

Priority
Medium
Description
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the
shell autocomplete functionality. A local unprivileged user can create a
specially crafted directory path which leads to code execution in the
context of the user who tries to use autocomplete to traverse the before
mentioned path. If the user affected is privileged, this leads to privilege
escalation.
References
Bugs
Assigned-to
leosilva
Package
Source: zsh (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (5.0.2-3ubuntu6.2)
Ubuntu 16.04 LTS (Xenial Xerus):released (5.1.1-1ubuntu2.2)
Ubuntu 17.10 (Artful Aardvark):released (5.2-5ubuntu1.2)
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
More Information

Updated: 2018-04-04 20:14:26 UTC (commit 14493)