CVE-2018-1126

MEDIUM

procps-ng <3.3.15 - Buffer Overflow

Title source: llm

Description

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

References (18)

Core 18

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3658-1/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4208

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1777

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2267

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:2268

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1700

Third Party Advisory x_refsource_confirm

https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104214

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://seclists.org/oss-sec/2018/q2/122

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1041057

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2018:1820

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3658-2/

Exploit, Third Party Advisory x_refsource_misc

https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:1944

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html

Scores

CVSS v3 4.8

EPSS 0.0049

EPSS Percentile 65.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (16)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

debian/debian_linux 7.0

debian/debian_linux 8.0

debian/debian_linux 9.0

procps-ng_project/procps-ng < 3.3.15

redhat/enterprise_linux 7.0

redhat/enterprise_linux_desktop 7.0

... and 6 more

Published May 23, 2018

Tracked Since Feb 18, 2026