zsh is vulnerable to a stack-based buffer overflow in the gen_matches_files() function. A local attacker could exploit this through tab completion of directories with long names leading to arbitrary code execution.
Upstream Patch: https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
Created zsh tracking bugs for this issue: Affects: fedora-all [bug 1560696]
Acknowledgments: Name: Richard Maciel Costa (Red Hat)
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1932 https://access.redhat.com/errata/RHSA-2018:1932
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3073 https://access.redhat.com/errata/RHSA-2018:3073