CVE-2018-1124

Summary

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]procps-ngprocps-ng 3.3.15affected

Weaknesses

  • CWE-190: CWE-190
  • CWE-122: CWE-122

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References