{
  "threat_severity" : "Low",
  "public_date" : "2018-04-07T00:00:00Z",
  "bugzilla" : {
    "description" : "zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution",
    "id" : "1563395",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1563395"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-120->CWE-121",
  "details" : [ "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.", "A buffer overflow flaw was found in the mail path checking functionality of the zsh shell (utils.c:checkmailpath). A local, unprivileged user can create a specially crafted message file, which, if used to set a custom \"you have new mail\" message, leads to code execution in the context of the user who receives the message. If the affected user is privileged, this leads to privilege escalation." ],
  "acknowledgement" : "This issue was discovered by Richard Maciel Costa (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2018-06-19T00:00:00Z",
    "advisory" : "RHSA-2018:1932",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "zsh-0:4.3.11-8.el6",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3073",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "zsh-0:5.0.2-31.el7",
    "impact" : "low"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "zsh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "zsh",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-1100\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1100" ],
  "name" : "CVE-2018-1100",
  "csaw" : false
}