Overview
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to heap corruption in the file2strvec function. This allows privilege escalation by a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVSS Score
7.8 (high severity)
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High

- CVE: CVE-2018-1124
- CWE: CWE-122, CWE-190, CWE-787
- Snyk ID: SNYK-DEBIAN8-PROCPS-309349
- Disclosed: 23 May, 2018
- Published: 23 May, 2018