zsh (SUSE:Linux Enterprise Server 11 SP4-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 11 SP4-LTSS package zsh, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2016-10714 — CVSS 9.8 (critical): In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
CVE-2014-10072 — CVSS 9.8 (critical): In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
CVE-2018-13259 — CVSS 9.8 (critical): An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a…
CVE-2018-0502 — CVSS 9.8 (critical): An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a…
CVE-2017-18205 — CVSS 8.1 (high): In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command…
CVE-2019-20044 — CVSS 7.8 (high): In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite…
CVE-2018-1083 — CVSS 7.8 (high): Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can…
CVE-2014-10070 — CVSS 7.8 (high): zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as…
CVE-2018-7549 — CVSS 7.5 (high): In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
CVE-2018-1071 — CVSS 5.5 (medium): zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit…