CVE-2018-7549

Public on 2018-02-27

Modified on 2018-12-07

Description

A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell.

Severity

Low

See what this means

CVSS v3 Base Score

3.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	zsh	2018-12-06 00:20	ALAS-2018-1107
Amazon Linux 2 - Core	zsh	2018-04-05 16:13	ALAS2-2018-986

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	3.3	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
NVD	CVSSv2	5.0	AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD	CVSSv3	7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2018-7549 Mitre: CVE-2018-7549 FAQs regarding Amazon Linux ALAS/CVE Severity