vulnerability

Oracle Linux: CVE-2018-13259: ELSA-2019-2017: zsh security and bug fix update (MODERATE) (Multiple Advisories)

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 4, 2018
Added
Jul 21, 2020
Modified
Jan 7, 2025

Description

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one.

Solution(s)

oracle-linux-upgrade-zshoracle-linux-upgrade-zsh-html
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.