Vulnerability Details CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 5.1
References
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://vuln.ryotak.me/advisories/63
- https://www.debian.org/security/2022/dsa-5078
- https://zsh.sourceforge.io/releases.html
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- https://lists.debian.org/debian-lts-announce/2022/02/msg00020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://vuln.ryotak.me/advisories/63
- https://www.debian.org/security/2022/dsa-5078
- https://zsh.sourceforge.io/releases.html
Products affected by CVE-2021-45444
-
cpe:2.3:a:zsh:zsh:3.1.5
-
cpe:2.3:a:zsh:zsh:3.1.6
-
cpe:2.3:a:zsh:zsh:3.1.7
-
cpe:2.3:a:zsh:zsh:3.1.8
-
cpe:2.3:a:zsh:zsh:3.1.9
-
cpe:2.3:a:zsh:zsh:4.0.1
-
cpe:2.3:a:zsh:zsh:4.0.2
-
cpe:2.3:a:zsh:zsh:4.0.3
-
cpe:2.3:a:zsh:zsh:4.0.4
-
cpe:2.3:a:zsh:zsh:4.0.5
-
cpe:2.3:a:zsh:zsh:4.0.6
-
cpe:2.3:a:zsh:zsh:4.0.7
-
cpe:2.3:a:zsh:zsh:4.0.8
-
cpe:2.3:a:zsh:zsh:4.0.9
-
cpe:2.3:a:zsh:zsh:4.1.0
-
cpe:2.3:a:zsh:zsh:4.1.1
-
cpe:2.3:a:zsh:zsh:4.2.0
-
cpe:2.3:a:zsh:zsh:4.2.1
-
cpe:2.3:a:zsh:zsh:4.2.2
-
cpe:2.3:a:zsh:zsh:4.2.3
-
cpe:2.3:a:zsh:zsh:4.2.4
-
cpe:2.3:a:zsh:zsh:4.2.5
-
cpe:2.3:a:zsh:zsh:4.2.6
-
cpe:2.3:a:zsh:zsh:4.3.0
-
cpe:2.3:a:zsh:zsh:4.3.1
-
cpe:2.3:a:zsh:zsh:4.3.10
-
cpe:2.3:a:zsh:zsh:4.3.11
-
cpe:2.3:a:zsh:zsh:4.3.12
-
cpe:2.3:a:zsh:zsh:4.3.13
-
cpe:2.3:a:zsh:zsh:4.3.14
-
cpe:2.3:a:zsh:zsh:4.3.15
-
cpe:2.3:a:zsh:zsh:4.3.16
-
cpe:2.3:a:zsh:zsh:4.3.17
-
cpe:2.3:a:zsh:zsh:4.3.2
-
cpe:2.3:a:zsh:zsh:4.3.3
-
cpe:2.3:a:zsh:zsh:4.3.4
-
cpe:2.3:a:zsh:zsh:4.3.5
-
cpe:2.3:a:zsh:zsh:4.3.6
-
cpe:2.3:a:zsh:zsh:4.3.7
-
cpe:2.3:a:zsh:zsh:4.3.8
-
cpe:2.3:a:zsh:zsh:4.3.9
-
cpe:2.3:a:zsh:zsh:5.0.0
-
cpe:2.3:a:zsh:zsh:5.0.1
-
cpe:2.3:a:zsh:zsh:5.0.2
-
cpe:2.3:a:zsh:zsh:5.0.3
-
cpe:2.3:a:zsh:zsh:5.0.4
-
cpe:2.3:a:zsh:zsh:5.0.5
-
cpe:2.3:a:zsh:zsh:5.0.6
-
cpe:2.3:a:zsh:zsh:5.0.7
-
cpe:2.3:a:zsh:zsh:5.0.8
-
cpe:2.3:a:zsh:zsh:5.1
-
cpe:2.3:a:zsh:zsh:5.1.1
-
cpe:2.3:a:zsh:zsh:5.2
-
cpe:2.3:a:zsh:zsh:5.3
-
cpe:2.3:a:zsh:zsh:5.3.1
-
cpe:2.3:a:zsh:zsh:5.4
-
cpe:2.3:a:zsh:zsh:5.4.1
-
cpe:2.3:a:zsh:zsh:5.4.2
-
cpe:2.3:a:zsh:zsh:5.5
-
cpe:2.3:a:zsh:zsh:5.5.1
-
cpe:2.3:a:zsh:zsh:5.6
-
cpe:2.3:a:zsh:zsh:5.6.1
-
cpe:2.3:a:zsh:zsh:5.6.2
-
cpe:2.3:a:zsh:zsh:5.7
-
cpe:2.3:a:zsh:zsh:5.7.1
-
cpe:2.3:a:zsh:zsh:5.8
-
cpe:2.3:o:apple:mac_os_x:10.15
-
cpe:2.3:o:apple:mac_os_x:10.15.1
-
cpe:2.3:o:apple:mac_os_x:10.15.2
-
cpe:2.3:o:apple:mac_os_x:10.15.3
-
cpe:2.3:o:apple:mac_os_x:10.15.4
-
cpe:2.3:o:apple:mac_os_x:10.15.5
-
cpe:2.3:o:apple:mac_os_x:10.15.6
-
cpe:2.3:o:apple:mac_os_x:10.15.7
-
cpe:2.3:o:apple:macos:11.0
-
cpe:2.3:o:apple:macos:11.0.1
-
cpe:2.3:o:apple:macos:11.1
-
cpe:2.3:o:apple:macos:11.1.0
-
cpe:2.3:o:apple:macos:11.2
-
cpe:2.3:o:apple:macos:11.2.1
-
cpe:2.3:o:apple:macos:11.3
-
cpe:2.3:o:apple:macos:11.3.1
-
cpe:2.3:o:apple:macos:11.4
-
cpe:2.3:o:apple:macos:11.5
-
cpe:2.3:o:apple:macos:11.5.1
-
cpe:2.3:o:apple:macos:11.6
-
cpe:2.3:o:apple:macos:11.6.1
-
cpe:2.3:o:apple:macos:11.6.2
-
cpe:2.3:o:apple:macos:11.6.3
-
cpe:2.3:o:apple:macos:11.6.5
-
cpe:2.3:o:apple:macos:12.0.0
-
cpe:2.3:o:apple:macos:12.0.1
-
cpe:2.3:o:apple:macos:12.1
-
cpe:2.3:o:apple:macos:12.2
-
cpe:2.3:o:apple:macos:12.2.1
-
cpe:2.3:o:apple:macos:12.3
-
cpe:2.3:o:apple:macos:12.3.1
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35