Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2018-1124
Severity
7.8HIGH
EPSS
0.5%
top 35.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMay 23
Latest updateMay 13
Description
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages8 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 6.0, 7.0, 7.5
🔴Vulnerability Details
4💥Exploits & PoCs
1📋Vendor Advisories
5💬Community
3Bugzilla▶
CVE-2018-1124 procps-ng: procps-ng, procps: Integer overflows leading to heap overflow in file2strvec [fedora-all]↗2018-05-18
Bugzilla▶
CVE-2018-1126 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues↗2018-05-08
Bugzilla▶
CVE-2018-1124 procps-ng, procps: Integer overflows leading to heap overflow in file2strvec↗2018-05-07