Denial of Service Vulnerability in Procps-ng by Ubuntu
CVE-2018-1123

3.9LOW

Key Information:

Vendor

[unknown]

Status
Procps-ng, Procps
Vendor
CVE Published:
23 May 2018

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2018-1123?

The Procps-ng utility prior to version 3.3.15 contains a vulnerability that could allow a denial of service through a buffer overflow in its 'ps' command. This flaw occurs due to improper handling of memory mapping, which could result in application crashes. However, the built-in protection at the end of the buffer limits the impact to a temporary denial of service, making it crucial for users to upgrade to avoid potential disruptions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

procps-ng, procps procps-ng 3.3.15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-1123
Created by aravinddathd

References

https://usn.ubuntu.com/3658-1/
vendor-advisoryx_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4208
vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201805-14
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.