In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-02-27
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-02-27
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS Score
4.6
EPSS Score
0.001
Published
2007-12-04
Page 2