CVE-2018-7548

Public on 2018-02-27
Modified on 2018-04-05
Description
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
Severity
Low severity
Low
See what this means
CVSS v3 Base Score
2.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core zsh 2018-04-05 ALAS2-2018-986 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2018-7548 Mitre: CVE-2018-7548