CVE-2018-1126 — Integer Overflow or Wraparound in Project Procps-ng
Severity
9.8CRITICALNVD
CNA7.8OSV7.8
EPSS
0.5%
top 34.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 23
Latest updateMay 14
Description
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04, Enterprise Linux 7.0, 6.6
🔴Vulnerability Details
3📋Vendor Advisories
4💬Community
5Bugzilla▶
CVE-2018-16375 openjpeg: Heap-based buffer overflow in pnmtoimage function in bin/jpwl/convert.c↗2018-09-06
Bugzilla▶
CVE-2018-1126 procps-ng: procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues [fedora-all]↗2018-05-18
Bugzilla▶
CVE-2018-1126 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues↗2018-05-08
Bugzilla▶
CVE-2018-1124 procps-ng, procps: Integer overflows leading to heap overflow in file2strvec↗2018-05-07