CVE-2018-13259

critical

Description

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

References

https://access.redhat.com/errata/RHSA-2019:2017

https://bugs.debian.org/908000

https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html

https://security.gentoo.org/glsa/201903-02

https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d

https://usn.ubuntu.com/3764-1/

https://www.zsh.org/mla/zsh-announce/136

Details

Source: MITRE

Published: 2018-09-05

Updated: 2020-12-01

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 143401 | Debian DLA-2470-1 : zsh security update | Nessus | Debian Local Security Checks | critical |
| 132475 | NewStart CGSL CORE 5.05 / MAIN 5.05 : zsh Vulnerability (NS-SA-2019-0247) | Nessus | NewStart CGSL Local Security Checks | critical |
| 132219 | EulerOS 2.0 SP3 : zsh (EulerOS-SA-2019-2684) | Nessus | Huawei Local Security Checks | critical |
| 131613 | EulerOS 2.0 SP2 : zsh (EulerOS-SA-2019-2459) | Nessus | Huawei Local Security Checks | critical |
| 130697 | EulerOS 2.0 SP5 : zsh (EulerOS-SA-2019-2235) | Nessus | Huawei Local Security Checks | critical |
| 129925 | NewStart CGSL CORE 5.04 / MAIN 5.04 : zsh Vulnerability (NS-SA-2019-0200) | Nessus | NewStart CGSL Local Security Checks | critical |
| 129012 | Amazon Linux AMI : zsh (ALAS-2019-1285) | Nessus | Amazon Linux Local Security Checks | critical |
| 128330 | CentOS 7 : zsh (CESA-2019:2017) | Nessus | CentOS Local Security Checks | critical |
| 128271 | Scientific Linux Security Update : zsh on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | critical |
| 127647 | RHEL 7 : zsh (RHSA-2019:2017) | Nessus | Red Hat Local Security Checks | critical |
| 126110 | Photon OS 2.0: Zsh PHSA-2019-2.0-0165 | Nessus | PhotonOS Local Security Checks | critical |
| 123297 | openSUSE Security Update : zsh (openSUSE-2019-687) | Nessus | SuSE Local Security Checks | critical |
| 122730 | GLSA-201903-02 : Zsh: User-assisted execution of arbitrary code | Nessus | Gentoo Local Security Checks | critical |
| 120450 | Fedora 29 : zsh (2018-5ad8e216d2) | Nessus | Fedora Local Security Checks | critical |
| 120251 | Fedora 28 : zsh (2018-16bb8b00c5) | Nessus | Fedora Local Security Checks | critical |
| 120096 | SUSE SLED15 / SLES15 Security Update : zsh (SUSE-SU-2018:2686-1) | Nessus | SuSE Local Security Checks | critical |
| 118044 | Amazon Linux 2 : zsh (ALAS-2018-1089) | Nessus | Amazon Linux Local Security Checks | critical |
| 117898 | openSUSE Security Update : zsh (openSUSE-2018-1094) | Nessus | SuSE Local Security Checks | critical |
| 117525 | openSUSE Security Update : zsh (openSUSE-2018-1018) | Nessus | SuSE Local Security Checks | critical |
| 117508 | Fedora 27 : zsh (2018-8b1b2373b4) | Nessus | Fedora Local Security Checks | critical |
| 117456 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Zsh vulnerabilities (USN-3764-1) | Nessus | Ubuntu Local Security Checks | critical |