CVE-2023-4016
Published 2023-08-02
Priority P4 · 12 · low · 3.3 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.24% (14.8th percentile)
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | procps | < procps 2:4.0.4-1 (forky) | procps 2:4.0.4-1 (forky) |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | — | — |
| procps_project | procps | >= 0 < 2:4.0.4-1 | 2:4.0.4-1 |
| procps_project | procps | >= 0 < 2:4.0.4-1 | 2:4.0.4-1 |
| procps_project | procps | 3.3.0 – 4.0.3 | — |
CVSS provenance
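| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| osv | — | 3.3 | LOW | — |
| vendor_oracle | — | 3.3 | LOW | — |
| vendor_debian | — | 2.5 | LOW | — |
| vendor_redhat | — | 2.5 | LOW | — |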
OSV
osv·2023-08-02·CVSS 3.3
CVE-2023-4016 [LOW]
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
GHSA
GHSA-v76x-qfmc-m88p
ghsa_unreviewed·2023-08-02
CVE-2023-4016 [LOW] CWE-122 GHSA-v76x-qfmc-m88p
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
Oracle
Oracle Oracle Communications Risk Matrix: Install/Upgrade (procps) — CVE-2023-4016
vendor_oracle·2024-04-15·CVSS 3.3
CVE-2023-4016 [LOW]
Oracle Oracle Communications Risk Matrix: Install/Upgrade (procps) vulnerability
CVE: CVE-2023-4016
CVSS: 3.3
Protocol: None
Remote exploit: No
Affected versions: Local
Advisory: cpuapr2024 (APR 2024)
Ubuntu
procps-ng vulnerability
vendor_ubuntu·2023-11-14
CVE-2023-4016 procps-ng vulnerability
Title: procps-ng vulnerability
Summary: procps-ng could be made to crash if it received specially crafted input.
It was discovered that the procps-ng ps tool incorrectly handled memory. An attacker could possibly use this issue to cause procps-ng to crash, resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
procps: ps buffer overflow
vendor_redhat·2023-08-02·CVSS 2.5
CVE-2023-4016 [LOW] CWE-787 procps: ps buffer overflow
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with "ps" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service.
Statement: The affected package is procps, the command line utility known as “ps” used to understand the current state of any running processes. On 32 bit systems it is possible to use specific parameters with the -C option to trigger more me
Debian
CVE-2023-4016: procps - Under some circumstances, this weakness allows a user who has access to run the ...
vendor_debian·2023·CVSS 2.5
CVE-2023-4016 [LOW]
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2:4.0.4-1)
sid: resolved (fixed in 2:4.0.4-1)
trixie: resolved (fixed in 2:4.0.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-08-02