Procps-Ng Project Procps-Ng vulnerabilities

5 known vulnerabilities affecting procps-ng_project/procps-ng.

Total CVEs
5
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4

Vulnerabilities

Page 1 of 1
CVE-2018-1126CRITICALCVSS 9.8fixed in 3.3.152018-05-23
CVE-2018-1126 [MEDIUM] CVE-2018-1126: procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading t procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
nvd
CVE-2018-1124HIGHCVSS 7.8PoCfixed in 3.3.152018-05-23
CVE-2018-1124 [HIGH] CWE-122 CVE-2018-1124: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corrup procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
nvd
CVE-2018-1122HIGHCVSS 7.0PoCfixed in 3.3.152018-05-23
CVE-2018-1122 [HIGH] CWE-829 CVE-2018-1122: procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
nvd
CVE-2018-1125HIGHCVSS 7.5fixed in 3.3.152018-05-23
CVE-2018-1125 [HIGH] CWE-121 CVE-2018-1125: procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerabilit procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
nvd
CVE-2018-1123HIGHCVSS 7.5PoCfixed in 3.3.152018-05-23
CVE-2018-1123 [LOW] CWE-122 CVE-2018-1123: procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
nvd