CVE-2014-10071
CRITICALzsh < 5.0.7 - Buffer Overflow via Long File Descriptor in Redirection Syntax
Title source: llmDescription
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3593-1/
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3073
Scores
CVSS v3
9.8
EPSS
0.0274
EPSS Percentile
84.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (4)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.10
zsh/zsh
< 5.0.7
Published
Feb 27, 2018
Tracked Since
Feb 18, 2026