Is CVE-2018-1083 actively exploited?

CVE-2018-1083 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-1083?

CVE-2018-1083 has a CVSS score of 7.8 (HIGH severity). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2018-1083?

Patch guidance is available from zsh security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-1083.

Fix CVE-2018-1083 - HIGH zsh zsh

Q: Which products are affected by CVE-2018-1083?

11 products: zsh zsh, canonical ubuntu linux, canonical ubuntu linux, canonical ubuntu linux, debian debian linux, and 6 more.

Description

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

CVSS Metrics

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-120 CWE-119 · Memory Buffer Errors

Metadata

Primary Vendor: ZSH
Published: 3/28/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

zsh : zshcanonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxdebian : debian_linuxredhat : enterprise_linux_desktopredhat : enterprise_linux_desktopredhat : enterprise_linux_serverredhat : enterprise_linux_serverredhat : enterprise_linux_workstationredhat : enterprise_linux_workstation

Remediation Guidance

Executive Summary

Cite this page

CVE-2018-1083. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2018-1083

View on NIST NVD

CVE-2018-1083 vulnerability