CVE-2018-1123

CVSS 3.9 LOWEPSS 9.1%CWE-122

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Affected products

[UNKNOWN] · procps-ng, procps

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/44806/unverified exploitdbwww.exploit-db.com/exploits/44806unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123 http://seclists.org/oss-sec/2018/q2/122 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html https://security.gentoo.org/glsa/201805-14 https://usn.ubuntu.com/3658-1/https://usn.ubuntu.com/3658-3/https://www.debian.org/security/2018/dsa-4208 https://www.exploit-db.com/exploits/44806/