CVE-2018-13259: Input Validation
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
Remediation
Patch Available
Frequently Asked Questions
What is CVE-2018-13259?
CVE-2018-13259 is a vulnerability in zsh before version 5.6 in which shebang lines exceeding 64 characters are truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
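The following audit script is an added example, not code from zsh or from the sources this page cites: it finds scripts whose shebang line exceeds 64 characters and reports which interpreter name would remain after truncation. It assumes the 64-character limit counts the leading `#!`; the function names and the sample scripts are constructed for illustration.

```python
import os
import tempfile

SHEBANG_LIMIT = 64  # from the advisory; counting the leading "#!" in it is an assumption

def interpreter_of(line: bytes):
    """Interpreter path named by a shebang line, or None if there is none."""
    if not line.startswith(b"#!"):
        return None
    fields = line[2:].split(None, 1)
    return fields[0].decode("utf-8", "replace") if fields else None

def check_shebang(head: bytes, limit: int = SHEBANG_LIMIT):
    """Compare the intended interpreter with the one left after truncation."""
    line = head.split(b"\n", 1)[0].rstrip(b"\r")
    intended = interpreter_of(line)
    if intended is None:
        return None
    truncated = interpreter_of(line[:limit])
    return {"length": len(line), "over_limit": len(line) > limit,
            "intended": intended, "truncated": truncated,
            "name_changed": truncated != intended}

def scan_tree(root: str, limit: int = SHEBANG_LIMIT):
    """Return (path, result) for every script whose shebang exceeds the limit."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    result = check_shebang(fh.read(4096), limit)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if result and result["over_limit"]:
                findings.append((path, result))
    return findings

def demo():
    """Run the scan over two constructed scripts in a temporary directory."""
    long_path = "/opt/constructed/venvs/project-with-a-long-name/releases/2018-09/bin/python3"
    samples = {"short.sh": b"#!/bin/sh\necho ok\n",
               "long.py": f"#!{long_path} -u\nprint('ok')\n".encode()}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return [(os.path.basename(p), r) for p, r in scan_tree(tmp)]
```

A finding with `name_changed` set means the truncated line names a different path than the script intended, so that path should be checked for an existing executable on hosts still running an unpatched zsh.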
How severe is CVE-2018-13259?
CVE-2018-13259 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2018-13259?
The affected software versions include zsh 5.6-1 on Ubuntu, zsh 5.1.1-1ubuntu2.3 on Xenial, zsh 5.4.2-3ubuntu3.1 on Bionic, zsh 5.0.2-3ubuntu6.3 on Trusty, and zsh 5.6 on Red Hat.
How can I fix CVE-2018-13259?
To fix CVE-2018-13259, update zsh to version 5.6-1 on Ubuntu, version 5.1.1-1ubuntu2.3 on Xenial, version 5.4.2-3ubuntu3.1 on Bionic, version 5.0.2-3ubuntu6.3 on Trusty, or version 5.6 on Red Hat.
Where can I find more information about CVE-2018-13259?
You can find more information about CVE-2018-13259 on the MITRE CVE website, Ubuntu Security Notices, and the NIST National Vulnerability Database.