VDB

GCVE-110-MAGEIA-2018-168

GCVE-110-MAGEIA-2018-168
Advisory Published
Vulnetix · Advisory published March 14, 2018
Zsh has been updated to fix 4 security issues. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. (CVE-2017-18205) In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. (CVE-2017-18206) In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.(CVE-2018-7548) In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (CVE-2018-7549)

Affected Products

VendorProductVersionsPlatforms
Mageiaakonadiconsole0 (affected), 17.12.2-1.1.mga6 (unaffected)
Mageiazsh5.3.1-1.2.mga6 (unaffected), 0 (affected), 5.3.1-1.2.mga6 (unaffected), 0 (affected)

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›