CVE-2018-1122

Summary

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]procps-ng, procpsprocps-ng 3.3.15affected

Weaknesses

  • CWE-829: CWE-829

ADP Enrichment

CVE Program Container

Additional References

References