CVE-2014-10072
CRITICALzsh < 5.0.6 - Buffer Overflow in Directory Path Scanner
Title source: llmDescription
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3593-1/
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1932
Patch, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3073
Scores
CVSS v3
9.8
EPSS
0.0263
EPSS Percentile
83.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
zsh_project/zsh
< 5.0.6
Published
Feb 27, 2018
Tracked Since
Feb 18, 2026