CVE-2018-0502

critical

Description

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

References

https://bugs.debian.org/908000

https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html

https://security.gentoo.org/glsa/201903-02

https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d

https://usn.ubuntu.com/3764-1/

https://www.zsh.org/mla/zsh-announce/136

Details

Source: MITRE

Published: 2018-09-05

Updated: 2020-12-01

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 143401 | Debian DLA-2470-1 : zsh security update | Nessus | Debian Local Security Checks | critical |
| 132219 | EulerOS 2.0 SP3 : zsh (EulerOS-SA-2019-2684) | Nessus | Huawei Local Security Checks | critical |
| 131613 | EulerOS 2.0 SP2 : zsh (EulerOS-SA-2019-2459) | Nessus | Huawei Local Security Checks | critical |
| 130697 | EulerOS 2.0 SP5 : zsh (EulerOS-SA-2019-2235) | Nessus | Huawei Local Security Checks | critical |
| 126110 | Photon OS 2.0: Zsh PHSA-2019-2.0-0165 | Nessus | PhotonOS Local Security Checks | critical |
| 123297 | openSUSE Security Update : zsh (openSUSE-2019-687) | Nessus | SuSE Local Security Checks | critical |
| 122730 | GLSA-201903-02 : Zsh: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | critical |
| 120450 | Fedora 29 : zsh (2018-5ad8e216d2) | Nessus | Fedora Local Security Checks | critical |
| 120251 | Fedora 28 : zsh (2018-16bb8b00c5) | Nessus | Fedora Local Security Checks | critical |
| 120096 | SUSE SLED15 / SLES15 Security Update : zsh (SUSE-SU-2018:2686-1) | Nessus | SuSE Local Security Checks | critical |
| 118044 | Amazon Linux 2 : zsh (ALAS-2018-1089) | Nessus | Amazon Linux Local Security Checks | critical |
| 117898 | openSUSE Security Update : zsh (openSUSE-2018-1094) | Nessus | SuSE Local Security Checks | critical |
| 117525 | openSUSE Security Update : zsh (openSUSE-2018-1018) | Nessus | SuSE Local Security Checks | critical |
| 117508 | Fedora 27 : zsh (2018-8b1b2373b4) | Nessus | Fedora Local Security Checks | critical |
| 117456 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Zsh vulnerabilities (USN-3764-1) | Nessus | Ubuntu Local Security Checks | critical |