Buffer Overflow Affecting zsh package, versions <0:4.3.11-8.el6

Q: How to fix?

Upgrade RHEL:6 zsh to version 0:4.3.11-8.el6 or higher. This issue was patched in RHSA-2018:1932 .

Threat Intelligence

0.36% (73^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL6-ZSH-1518413
published26 Jul 2021
disclosed20 Jan 2014

Report a new vulnerability Found a mistake?

Introduced: 20 Jan 2014

CVE-2014-10072 (opens in a new tab) CWE-120 (opens in a new tab)

How to fix?

Upgrade RHEL:6 zsh to version 0:4.3.11-8.el6 or higher.
This issue was patched in RHSA-2018:1932.

NVD Description

Note: Versions mentioned in the description apply only to the upstream zsh package and not the zsh package as distributed by RHEL. See How to fix? for RHEL:6 relevant fixed versions and status.

In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.

References

https://access.redhat.com/security/cve/CVE-2014-10072
https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210
https://access.redhat.com/errata/RHSA-2018:1932
https://usn.ubuntu.com/3593-1/