PT-2018-3528 · Procps Ng+3 · Procps-Ng+3

Published

2018-05-07

Updated

2024-06-15

CVE-2018-1123

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: procps-ng versions prior to 3.3.15

Description: The issue is related to a buffer overflow in the ps command, which can cause a denial of service. This is due to an out-of-bounds operation in memory. The impact is limited to a crash, resulting in a temporary denial of service, because of an inbuilt protection mechanism that maps a guard page at the end of the overflowed buffer.

Recommendations: For versions prior to 3.3.15, update to version 3.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the ps command to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-122

Related Identifiers

ALT-PU-2019-1749

BDU:2020-03292

CVE-2018-1123

DLA-1390-1

DSA-4208-1

OPENSUSE-SU-2018_1848-1

OPENSUSE-SU-2019:2376-1

OPENSUSE-SU-2019:2379-1

OPENSUSE-SU-2019_0291-1

OPENSUSE-SU-2019_2376-1

OPENSUSE-SU-2019_2379-1

OPENSUSE-SU-2024:11195-1

OPENSUSE-SU-2024:12565-1

SUSE-SU-2018:1836-1

SUSE-SU-2018:2042-1

SUSE-SU-2018:2451-2

SUSE-SU-2019:0450-1

SUSE-SU-2019:0450-2

SUSE-SU-2019:2730-1

USN-3658-1

USN-3658-3

Affected Products

Alt Linux

Suse

Ubuntu

Procps-Ng

PT-2018-3528 · Procps Ng+3 · Procps-Ng+3

CVE-2018-1123

Weakness Enumeration

Related Identifiers

Affected Products

References · 77