rpm package
opensuse/procps&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/procps&distro=openSUSE%20Leap%2015.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1125 | Hig | 7.5 | | < 3.3.15-lp150.5.3.1 | 3.3.15-lp150.5.3.1 | May 23, 2018 | procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limi |
| CVE-2018-1123 | Low | 3.9 | | < 3.3.15-lp150.5.3.1 | 3.3.15-lp150.5.3.1 | May 23, 2018 | procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). |
| CVE-2018-1122 | Hig | 7.3 | | < 3.3.15-lp150.5.3.1 | 3.3.15-lp150.5.3.1 | May 23, 2018 | procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function |
| CVE-2018-1126 | Med | 4.8 | | < 3.3.15-lp150.5.3.1 | 3.3.15-lp150.5.3.1 | May 23, 2018 | procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. |
| CVE-2018-1124 | Hig | 7.8 | | < 3.3.15-lp150.5.3.1 | 3.3.15-lp150.5.3.1 | May 23, 2018 | procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbit |