Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1123

CWE-122Heap-based Buffer OverflowCWE-119Buffer Overflow13 documents9 sources
Severity
7.5HIGH
EPSS
3.3%
top 12.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Procps-ng Project Procps-ngCanonical Ubuntu LinuxDebian Debian Linux
Timeline
PublishedMay 23
Latest updateMay 13

Description

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:LExploitability: 1.3 | Impact: 2.5

Affected Packages4 packages

Debianprocps< 2:3.3.15-1+3
Ubuntuprocps< 1:3.3.9-1ubuntu2.3+2
Ubuntugit< 1:1.9.1-1ubuntu0.8+2

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

5
GHSA
GHSA-3vgv-cg7r-qgvj: procps-ng before version 32022-05-13
OSV
git vulnerabilities2018-06-05
OSV
CVE-2018-1123: procps-ng before version 32018-05-23
CVEList
CVE-2018-1123: procps-ng before version 32018-05-23
OSV
procps vulnerabilities2018-05-23

💥Exploits & PoCs

1
Exploit-DB
Procps-ng - Multiple Vulnerabilities2018-05-30

📋Vendor Advisories

4
Ubuntu
procps-ng vulnerabilities2018-08-16
Ubuntu
procps-ng vulnerabilities2018-05-23
Red Hat
procps: denial of service in ps via mmap buffer overflow2018-05-17
Debian
CVE-2018-1123: procps - procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via m...2018

💬Community

2
Bugzilla
CVE-2018-14423 openjpeg2: Division-by-zero vulnerabilities in lib/openjp3d/pi.c2018-07-30
Bugzilla
CVE-2018-1123 procps-ng, procps: denial of service in ps via mmap buffer overflow2018-05-07
CVE-2018-1123 (HIGH CVSS 7.5) | procps-ng before version 3.3.15 is | cvebase.io