Vulnerability Details : CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Vulnerability category: OverflowDenial of service
Products affected by CVE-2018-1123
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1123
0.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1123
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
3.9
|
LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L |
1.3
|
2.5
|
Red Hat, Inc. |
CWE ids for CVE-2018-1123
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Secondary)
-
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().Assigned by: secalert@redhat.com (Primary)
References for CVE-2018-1123
-
https://www.exploit-db.com/exploits/44806/
Procps-ng - Multiple VulnerabilitiesThird Party Advisory;VDB Entry
-
http://seclists.org/oss-sec/2018/q2/122
oss-sec: Qualys Security Advisory - Procps-ng Audit ReportMailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123
1575474 – (CVE-2018-1123) CVE-2018-1123 procps-ng, procps: denial of service in ps via mmap buffer overflowIssue Tracking;Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
[SECURITY] [DLA 1390-1] procps security updateThird Party Advisory
-
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Exploit;Third Party Advisory
-
https://security.gentoo.org/glsa/201805-14
procps: Multiple vulnerabilities (GLSA 201805-14) — Gentoo securityThird Party Advisory
-
https://www.debian.org/security/2018/dsa-4208
Debian -- Security Information -- DSA-4208-1 procpsThird Party Advisory
-
http://www.securityfocus.com/bid/104214
Procps-ng Procps Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
[security-announce] openSUSE-SU-2019:2376-1: important: Security update
-
https://usn.ubuntu.com/3658-1/
USN-3658-1: procps-ng vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
[GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 - Pony Mail
-
https://usn.ubuntu.com/3658-3/
USN-3658-3: procps-ng vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
[security-announce] openSUSE-SU-2019:2379-1: important: Security update
Jump to