Home

CVE-2018-1124

Description

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.432

Associated Vulnerability

VulnerabilityOS Platform
/proc file system utilities (USN-3658-1) procps_3.3.9-1ubuntu2.3_i386.debLinux
/proc file system utilities (USN-3658-1) procps_3.3.9-1ubuntu2.3_amd64.debLinux
/proc file system utilities (USN-3658-1) procps_3.3.10-4ubuntu2.4_i386.debLinux
/proc file system utilities (USN-3658-1) procps_3.3.10-4ubuntu2.4_amd64.debLinux
/proc file system utilities (USN-3658-1) procps_3.3.12-1ubuntu2.1_i386.debLinux
/proc file system utilities (USN-3658-1) procps_3.3.12-1ubuntu2.1_amd64.debLinux
/proc file system utilities (USN-3658-1) procps_3.3.12-3ubuntu1.1_i386.debLinux
/proc file system utilities (USN-3658-1) procps_3.3.12-3ubuntu1.1_amd64.debLinux
/proc file system utilities (USN-3658-1) libprocps3_3.3.9-1ubuntu2.3_i386.debLinux
/proc file system utilities (USN-3658-1) libprocps3_3.3.9-1ubuntu2.3_amd64.debLinux
/proc file system utilities (USN-3658-1) libprocps4_3.3.10-4ubuntu2.4_i386.debLinux
/proc file system utilities (USN-3658-1) libprocps4_3.3.10-4ubuntu2.4_amd64.debLinux
/proc file system utilities (USN-3658-1) libprocps6_3.3.12-1ubuntu2.1_i386.debLinux
/proc file system utilities (USN-3658-1) libprocps6_3.3.12-1ubuntu2.1_amd64.debLinux
/proc file system utilities (USN-3658-1) libprocps6_3.3.12-3ubuntu1.1_i386.debLinux
/proc file system utilities (USN-3658-1) libprocps6_3.3.12-3ubuntu1.1_amd64.debLinux
procps security update(DSA-4208-1) procps_3.3.9-9+deb8u1_i386.debLinux
procps security update(DSA-4208-1) procps_3.3.9-9+deb8u1_amd64.debLinux
procps security update(DSA-4208-1) procps_3.3.12-3+deb9u1_i386.debLinux
procps security update(DSA-4208-1) procps_3.3.12-3+deb9u1_amd64.debLinux
Procps security update (CESA-2018:1777) procps-3.2.8-45.el6_9.3.i686.rpmLinux
Procps security update (CESA-2018:1777) procps-3.2.8-45.el6_9.3.x86_64.rpmLinux
Procps security update (CESA-2018:1777) procps-devel-3.2.8-45.el6_9.3.i686.rpmLinux
Procps security update (CESA-2018:1777) procps-devel-3.2.8-45.el6_9.3.x86_64.rpmLinux
(RHSA-2018:1700) Important: procps-ng security update procps-ng-3.3.10-17.el7_5.2.i686.rpmLinux
(RHSA-2018:1700) Important: procps-ng security update procps-ng-3.3.10-17.el7_5.2.x86_64.rpmLinux
(RHSA-2018:1700) Important: procps-ng security update procps-ng-devel-3.3.10-17.el7_5.2.i686.rpmLinux
(RHSA-2018:1700) Important: procps-ng security update procps-ng-devel-3.3.10-17.el7_5.2.x86_64.rpmLinux
(RHSA-2018:1700) Important: procps-ng security update procps-ng-i18n-3.3.10-17.el7_5.2.x86_64.rpmLinux
(RHSA-2018:1777) Important: procps security update procps-3.2.8-45.el6_9.3.i686.rpmLinux
(RHSA-2018:1777) Important: procps security update procps-3.2.8-45.el6_9.3.x86_64.rpmLinux
(RHSA-2018:1777) Important: procps security update procps-devel-3.2.8-45.el6_9.3.i686.rpmLinux
(RHSA-2018:1777) Important: procps security update procps-devel-3.2.8-45.el6_9.3.x86_64.rpmLinux
SUSE-SU-2018:1836-1(SUSE Linux Enterprise Desktop 12-SP3 ) libprocps3-3.3.9-11.11.1.x86_64.rpmLinux
SUSE-SU-2018:1836-1(SUSE Linux Enterprise Desktop 12-SP3 ) libprocps3-debuginfo-3.3.9-11.11.1.x86_64.rpmLinux
SUSE-SU-2018:1836-1(SUSE Linux Enterprise Desktop 12-SP3 ) procps-3.3.9-11.11.1.x86_64.rpmLinux
SUSE-SU-2018:1836-1(SUSE Linux Enterprise Desktop 12-SP3 ) procps-debuginfo-3.3.9-11.11.1.x86_64.rpmLinux
SUSE-SU-2018:1836-1(SUSE Linux Enterprise Desktop 12-SP3 ) procps-debugsource-3.3.9-11.11.1.x86_64.rpmLinux
SUSE-SU-2018:2042-1(SUSE Linux Enterprise Server 11-SP4 ) procps-3.2.7-152.31.1.x86_64.rpmLinux
SUSE-SU-2018:2451-2(SUSE Linux Enterprise Desktop 12-SP3 ) libprocps3-3.3.9-11.14.1.x86_64.rpmLinux
SUSE-SU-2018:2451-2(SUSE Linux Enterprise Desktop 12-SP3 ) libprocps3-debuginfo-3.3.9-11.14.1.x86_64.rpmLinux
SUSE-SU-2018:2451-2(SUSE Linux Enterprise Desktop 12-SP3 ) procps-3.3.9-11.14.1.x86_64.rpmLinux
SUSE-SU-2018:2451-2(SUSE Linux Enterprise Desktop 12-SP3 ) procps-debuginfo-3.3.9-11.14.1.x86_64.rpmLinux
SUSE-SU-2018:2451-2(SUSE Linux Enterprise Desktop 12-SP3 ) procps-debugsource-3.3.9-11.14.1.x86_64.rpmLinux
SUSE-SU-2019:0450-1(SUSE Linux Enterprise Desktop 12-SP4 ) libprocps3-3.3.9-11.18.1.x86_64.rpmLinux
SUSE-SU-2019:0450-1(SUSE Linux Enterprise Desktop 12-SP4 ) libprocps3-debuginfo-3.3.9-11.18.1.x86_64.rpmLinux
SUSE-SU-2019:0450-1(SUSE Linux Enterprise Desktop 12-SP4 ) procps-3.3.9-11.18.1.x86_64.rpmLinux
SUSE-SU-2019:0450-1(SUSE Linux Enterprise Desktop 12-SP4 ) procps-debuginfo-3.3.9-11.18.1.x86_64.rpmLinux
SUSE-SU-2019:0450-1(SUSE Linux Enterprise Desktop 12-SP4 ) procps-debugsource-3.3.9-11.18.1.x86_64.rpmLinux
Procps-ng update (ELSA-2018-1700) procps-ng-3.3.10-17.el7_5.2.x86_64.rpmLinux
Procps-ng-devel update (ELSA-2018-1700) procps-ng-devel-3.3.10-17.el7_5.2.x86_64.rpmLinux
Procps-ng-i18n update (ELSA-2018-1700) procps-ng-i18n-3.3.10-17.el7_5.2.x86_64.rpmLinux
Procps-ng update (ELSA-2018-1700) procps-ng-3.3.10-17.el7_5.2.i686.rpmLinux
Procps-ng-devel update (ELSA-2018-1700) procps-ng-devel-3.3.10-17.el7_5.2.i686.rpmLinux
Procps update (ELSA-2018-1777) procps-3.2.8-45.0.1.el6_9.3.x86_64.rpmLinux
Procps-devel update (ELSA-2018-1777) procps-devel-3.2.8-45.0.1.el6_9.3.x86_64.rpmLinux
Procps update (ELSA-2018-1777) procps-3.2.8-45.0.1.el6_9.3.i686.rpmLinux
Procps-devel update (ELSA-2018-1777) procps-devel-3.2.8-45.0.1.el6_9.3.i686.rpmLinux
(CESA-2018:1700) Important: procps-ng security update procps-ng-3.3.10-17.el7_5.2.x86_64.rpmLinux
Out-of-bounds Write Vulnerability (CVE-2018-1124)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234