QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-1124

Back to search

CVE-2018-1124

Published: May 23, 2018

Modified: Dec 18, 2025

PUBLISHED

CVSS v3.0

7.3

HIGH

Description

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

VendorProductVersions

[UNKNOWN]

procps-ng

affected
procps-ng 3.3.15

Weaknesses (CWE)

CWE-190
CWE-122

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

USN-3658-1
vendor-advisory
x_refsource_UBUNTU
DSA-4208
vendor-advisory
x_refsource_DEBIAN
GLSA-201805-14
vendor-advisory
x_refsource_GENTOO
44806
exploit
x_refsource_EXPLOIT-DB
RHSA-2018:1777
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2267
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2268
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1700
vendor-advisory
x_refsource_REDHAT
104214
vdb-entry
x_refsource_BID
1041057
vdb-entry
x_refsource_SECTRACK
RHSA-2018:1820
vendor-advisory
x_refsource_REDHAT
USN-3658-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:1944
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2401
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2019:2376
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2379
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now