CVE-2018-1071

Publication date 9 March 2018

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
zsh	17.10 artful	Fixed 5.2-5ubuntu1.2
	16.04 LTS xenial	Fixed 5.1.1-1ubuntu2.2
	14.04 LTS trusty	Fixed 5.0.2-3ubuntu6.2

How can I get the fixes?
What do statuses mean?

Severity score breakdown

Parameter	Value
Base score	5.5 · Medium
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-3608-1
Zsh vulnerabilities
27 March 2018

Other references

https://www.cve.org/CVERecord?id=CVE-2018-1071