exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2021-45444

Status Candidate

Overview

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

Related Files

Gentoo Linux Security Advisory 202407-01
Posted Jul 1, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202407-1 - A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code. Versions greater than or equal to 5.8.1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2021-45444
SHA-256 | d9a62b3cc5db7a1108e06a03409a472b97c45033a06411edc97792289abd2ee9
Apple Security Advisory 2022-05-16-4
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-25032, CVE-2021-44224, CVE-2021-44790, CVE-2021-45444, CVE-2022-0530, CVE-2022-0778, CVE-2022-22589, CVE-2022-22663, CVE-2022-22665, CVE-2022-22674, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23308, CVE-2022-26697, CVE-2022-26698, CVE-2022-26714, CVE-2022-26715, CVE-2022-26720, CVE-2022-26721, CVE-2022-26722, CVE-2022-26726, CVE-2022-26727, CVE-2022-26728, CVE-2022-26746, CVE-2022-26748
SHA-256 | 1457e96d61b184fbf3ed170c9802dbce7d15ed833ab54d7784b078ed15b160e1
Apple Security Advisory 2022-05-16-3
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2018-25032, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2021-44224, CVE-2021-44790, CVE-2021-45444, CVE-2021-46059, CVE-2022-0128, CVE-2022-0530, CVE-2022-0778, CVE-2022-22589, CVE-2022-22663, CVE-2022-22665, CVE-2022-22674, CVE-2022-22675, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23308, CVE-2022-26697, CVE-2022-26698, CVE-2022-26706, CVE-2022-26712
SHA-256 | af1dee885ed55571356a89ad5ec67b39171a32fbf8125781c35f906717d83516
Apple Security Advisory 2022-05-16-2
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-25032, CVE-2021-44224, CVE-2021-44790, CVE-2021-45444, CVE-2022-0530, CVE-2022-0778, CVE-2022-22677, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23308, CVE-2022-26693, CVE-2022-26694, CVE-2022-26697, CVE-2022-26698, CVE-2022-26700, CVE-2022-26701, CVE-2022-26704, CVE-2022-26706, CVE-2022-26708, CVE-2022-26709, CVE-2022-26710, CVE-2022-26711, CVE-2022-26712, CVE-2022-26714, CVE-2022-26715
SHA-256 | c8eee02086d45b9c9a2776ce254bee0daede9360e0231556fd5fec341d3407c0
Red Hat Security Advisory 2022-2120-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-2120-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2021-45444
SHA-256 | cad6b69e64623ac3d744ea4e012aea789f4ebb8fab7d528559b72331b27bbf9e
Ubuntu Security Notice USN-5325-1
Posted Mar 14, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5325-1 - Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-20044, CVE-2021-45444
SHA-256 | 2815342c4cdaeae4ab9c8827097fde4fdda0fb158320b2765458587fe19ecd13
Debian Security Advisory 5078-1
Posted Feb 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5078-1 - It was discovered that zsh, a powerful shell and scripting language, did not prevent recursive prompt expansion. This would allow an attacker to execute arbitrary commands into a user's shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2021-45444
SHA-256 | 602ee7c93d7aaf91206a9ab27b951e0acda36e1dc3ea481d1b2e907673a0bba8
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close