CVE-2018-1125

Summary

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]procps-ng, procpsprocps-ng 3.3.15affected

Weaknesses

  • CWE-121: CWE-121

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References