Stack Buffer Overflow in Procps-ng Affects Multiple Linux Distributions
CVE-2018-1125

4.4MEDIUM

Key Information:

Vendor: [unknown]
Status: Procps-ng, Procps
Vendor: CVE Published:; 23 May 2018

What is CVE-2018-1125?

The Procps-ng package, specifically the pgrep utility, is affected by a stack buffer overflow vulnerability that occurs in versions prior to 3.3.15. This flaw can lead to potential application crashes, although its impact is mitigated when FORTIFY is enabled, as seen in Red Hat Enterprise Linux and Fedora environments. In such cases, the severity of the vulnerability is lessened, but it remains critical for environments without these protections. Various Linux distributions are thus affected, necessitating an upgrade to ensure security and reliability.

Affected Version(s)

procps-ng, procps procps-ng 3.3.15

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1125

x_refsource_CONFIRM

https://usn.ubuntu.com/3658-1/

vendor-advisoryx_refsource_UBUNTU

https://www.debian.org/security/2018/dsa-4208

vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2018
Vulnerability Reserved
Dec 4, 2017

CVE-2018-1125 Data

JSON

[unknown]

What is CVE-2018-1125?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline