Bug 1553531 (CVE-2018-1071)

Summary: CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd()
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: carnil, dmaphy, james.antill, j, kdudka, rcosta, sfowler, svashisht
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:17:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1553533, 1555016, 1555017, 1555018, 1555019    
Bug Blocks: 1553534    

Description Sam Fowler 2018-03-09 02:18:55 UTC 
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
Comment 1 Sam Fowler 2018-03-09 02:19:07 UTC 
Acknowledgments:

Name: Richard Maciel Costa (Red Hat)
Comment 2 Sam Fowler 2018-03-09 02:19:31 UTC 
Created zsh tracking bugs for this issue:

Affects: fedora-all [bug 1553533]
Comment 3 Kamil Dudka 2018-03-12 13:27:06 UTC 
Do we have a reproducer and/or fix for this bug?

"a stack-based buffer overflow in the exec.c:hashcmd() function" is too vague and I was not able to find any publicly available information about CVE-2018-1071).
Comment 4 Sam Fowler 2018-03-12 23:20:29 UTC 
(In reply to Kamil Dudka from comment #3)
> Do we have a reproducer and/or fix for this bug?
> 
> "a stack-based buffer overflow in the exec.c:hashcmd() function" is too
> vague and I was not able to find any publicly available information about
> CVE-2018-1071).

Setting needinfo for the original reporter, Richard Costa.
Comment 14 errata-xmlrpc 2018-10-30 07:30:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3073 https://access.redhat.com/errata/RHSA-2018:3073