vulnerability
Oracle Linux: CVE-2018-13259: ELSA-2019-2017: zsh security and bug fix update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Sep 4, 2018 | Jul 21, 2020 | Jan 7, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 4, 2018
Added
Jul 21, 2020
Modified
Jan 7, 2025
Description
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one.
It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one.
Solution(s)
oracle-linux-upgrade-zshoracle-linux-upgrade-zsh-html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.