CPE Details
procps-ng Project procps-ng 3.3.0
3.3.0
2019-09-26 12:13 +00:00
2019-09-26 12:13 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:procps-ng_project:procps-ng:3.3.0:*:*:*:*:*:*:*
Informations
Vendor
procps-ng_projectProduct
procps-ngVersion
3.3.0Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. | 7.3 |
HIGH |
||
| procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). | 7.5 |
HIGH |
||
| procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. | 7.5 |
HIGH |
||
| procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. | 7.8 |
HIGH |
||
| procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. | 9.8 |
CRITICAL |
2024©
tesweb SA
