Out-of-bounds Write in procps

Do your applications use this vulnerable package? Test your applications

Overview

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

References

Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
MISC
Oss-Sec Mailing List
RedHat Bugzilla Bug
SUSE
SUSE
Security Focus
Ubuntu CVE Tracker
Ubuntu Security Advisory
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2018-1125
CWE: CWE-121 CWE-787
Snyk ID: SNYK-DEBIAN9-PROCPS-309314
Disclosed: 23 May, 2018
Published: 23 May, 2018

Out-of-bounds Write
Affecting procps package, versions <2:3.3.12-3+deb9u1

Overview

References

CVSS Score

Out-of-bounds Write Affecting procps package, versions <2:3.3.12-3+deb9u1

Overview

References

Out-of-bounds Write
Affecting procps package, versions <2:3.3.12-3+deb9u1