Is CVE-2018-13259 actively exploited?

CVE-2018-13259 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-13259?

CVE-2018-13259 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2018-13259?

Patch guidance is available from canonical security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-13259.

Fix CVE-2018-13259 - CRITICAL canonical ubuntu linux

Q: Which products are affected by CVE-2018-13259?

4 products: canonical ubuntu linux, canonical ubuntu linux, canonical ubuntu linux, zsh zsh.

Description

An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-20 · Improper Input Validation

Metadata

Primary Vendor: CANONICAL
Published: 9/5/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

canonical : ubuntu_linuxcanonical : ubuntu_linuxcanonical : ubuntu_linuxzsh : zsh

Remediation Guidance

Executive Summary

View on NIST NVD