FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zsh -- Arbitrary command execution vulnerability

Affected packages
zsh < 5.8.1

Details

VuXML ID d923fb0c-8c2f-11ec-aa85-0800270512f4
Discovery 2022-02-12
Entry 2022-02-12

Marc Cornellà reports:

Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect. E.g., given a certain prompt configuration, an attacker could trick a user into executing arbitrary code by having them check out a Git branch with a specially crafted name.

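The following zsh snippet is an added example and is not part of this VuXML entry, of zsh, or of any prompt framework. It shows the two things a practitioner wants after reading the report above: a check for whether the running zsh already carries the 5.8.1 fix, and a prompt that escapes untrusted text (here a Git branch name) before it reaches prompt expansion, so that a name containing sequences such as %F{...} is displayed verbatim instead of being interpreted. The function names are hypothetical, and the "crafted" branch name is a constructed string that contains only colour escapes, not a command substitution.

```zsh
#!/usr/bin/env zsh
# Added example (not part of the VuXML entry or of zsh itself): keep
# untrusted text, such as a Git branch name, from being interpreted as
# prompt escapes when it is spliced into PROMPT under PROMPT_SUBST.

# 1. Check whether this zsh carries the upstream fix (5.8.1 or later).
#    is-at-least compares against $ZSH_VERSION when given one argument.
autoload -Uz is-at-least
if is-at-least 5.8.1; then
    print "zsh $ZSH_VERSION: fixed for CVE-2021-45444"
else
    print "zsh $ZSH_VERSION is older than 5.8.1: escape untrusted prompt text" >&2
fi

# 2. Escape prompt metacharacters. In prompt expansion '%%' is a literal '%',
#    so doubling every '%' turns a sequence like %F{...} into plain text and
#    nothing inside it is handed to the extra argument expansion.
escape_prompt_text() {
    local s=$1
    print -r -- "${s:gs/%/%%}"
}

# 3. Hypothetical prompt helper: read the branch, escape it, and only then
#    let it reach the prompt. Prints nothing outside a repository or on a
#    detached HEAD.
git_branch_for_prompt() {
    local ref
    ref=$(git symbolic-ref --short HEAD 2>/dev/null) || return 0
    escape_prompt_text "$ref"
}

setopt PROMPT_SUBST
# Single quotes: $(...) is substituted when the prompt is displayed, not here.
PROMPT='%n@%m %1~ $(git_branch_for_prompt)%# '

# 4. Demonstration with a constructed branch name (not a real branch) that
#    contains prompt escapes. print -P performs prompt expansion on its
#    argument: unescaped, the %F{red}...%f is honoured, i.e. attacker-supplied
#    text is interpreted by the prompt engine; escaped, it is shown verbatim.
crafted='feature/%F{red}looks-harmless%f'
print -P -- "unescaped: ${crafted}"
print -P -- "escaped:   $(escape_prompt_text "$crafted")"
```

The fix the advisory points to is upgrading to zsh 5.8.1 or later; the escaping above is a defence-in-depth measure for any prompt that splices strings it does not control (branch names, directory names, remote hostnames) into a PROMPT_SUBST prompt, and it remains useful on fixed versions because it also stops stray % sequences from corrupting the prompt display.
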
References

CVE Name CVE-2021-45444
URL https://zsh.sourceforge.io/releases.html