Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Desktop 12 SP3 package zsh, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2014-10072 — CVSS 9.8 (critical): In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
CVE-2016-10714 — CVSS 9.8 (critical): In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
CVE-2017-18205 — CVSS 8.1 (high): In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command…
CVE-2014-10070 — CVSS 7.8 (high): zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as…
CVE-2018-1083 — CVSS 7.8 (high): Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can…
CVE-2018-7549 — CVSS 7.5 (high): In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
CVE-2018-1071 — CVSS 5.5 (medium): zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit…