{
  "threat_severity" : "Low",
  "public_date" : "2017-06-13T00:00:00Z",
  "bugzilla" : {
    "description" : "zsh: NULL dereference in cd in sh compatibility mode under given circumstances",
    "id" : "1549862",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1549862"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-665",
  "details" : [ "In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.", "A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3073",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "zsh-0:5.0.2-31.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "zsh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "zsh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "zsh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-18205\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18205" ],
  "name" : "CVE-2017-18205",
  "csaw" : false
}