Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().

  • Published: Feb 24, 2020
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-20044
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.2
  • AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
zsh / zsh - 5.8
fedoraproject / fedora 30 30.x
fedoraproject / fedora 31 31.x
debian / debian_linux 8.0 8.0.x
debian / debian_linux 9.0 9.0.x
apple / mac_os_x - 10.15.5
apple / iphone_os - 13.5
apple / watchos - 6.2.5
apple / tvos - 13.4.5
apple / ipados - 13.5
apple / mac_os_x 10.13.0 10.13.6
apple / mac_os_x 10.14.0 10.14.6
apple / mac_os_x 10.14.6-security_update_2020-001 10.14.6-security_update_2020-001.x
apple / mac_os_x 10.14.6-security_update_2020-002 10.14.6-security_update_2020-002.x
apple / mac_os_x 10.14.6-security_update_2019-007 10.14.6-security_update_2019-007.x
apple / mac_os_x 10.14.6-security_update_2019-004 10.14.6-security_update_2019-004.x
apple / mac_os_x 10.14.6-security_update_2019-005 10.14.6-security_update_2019-005.x
apple / mac_os_x 10.14.6-security_update_2019-006 10.14.6-security_update_2019-006.x
apple / mac_os_x 10.14.6 10.14.6.x
apple / mac_os_x 10.13.6-security_update_2020-001 10.13.6-security_update_2020-001.x
apple / mac_os_x 10.13.6-security_update_2020-002 10.13.6-security_update_2020-002.x
apple / mac_os_x 10.13.6-security_update_2018-003 10.13.6-security_update_2018-003.x
apple / mac_os_x 10.13.6-security_update_2018-002 10.13.6-security_update_2018-002.x
apple / mac_os_x 10.13.6-security_update_2019-003 10.13.6-security_update_2019-003.x
apple / mac_os_x 10.13.6-security_update_2019-002 10.13.6-security_update_2019-002.x
apple / mac_os_x 10.13.6-security_update_2019-001 10.13.6-security_update_2019-001.x
apple / mac_os_x 10.13.6-security_update_2019-007 10.13.6-security_update_2019-007.x
apple / mac_os_x 10.13.6-security_update_2019-006 10.13.6-security_update_2019-006.x
apple / mac_os_x 10.13.6-security_update_2019-005 10.13.6-security_update_2019-005.x
apple / mac_os_x 10.13.6-security_update_2019-004 10.13.6-security_update_2019-004.x
apple / mac_os_x 10.13.6 10.13.6.x
apple / mac_os_x 10.14.6-security_update_2019-001 10.14.6-security_update_2019-001.x
apple / mac_os_x 10.14.6-security_update_2019-002 10.14.6-security_update_2019-002.x
apple / mac_os_x 10.15 10.15.5