CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4016 – procps: ps buffer overflow
https://notcve.org/view.php?id=CVE-2023-4016
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with "ps" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service. • https://gitlab.com/procps-ng/procps https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5 https://access.redhat.com/security/cve/CVE-2023-4016 https://bugzilla.redhat.com/show_bug.cgi?id=2228494 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 3CVE-2018-1121 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1121
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. procps-ng, procps son vulnerables a una ocultación de procesos mediante una condición de carrera. Debido a que el proc_pid_readdir() del kernel devuelve las entradas PID en orden numérico ascendente, un proceso que ocupe un PID alto puede emplear eventos inotify para determinar cuándo se está escaneando la lista de procesos y hacer un fork/exec para obtener un PID menor, evitando así la enumeración. • https://www.exploit-db.com/exploits/44806 http://seclists.org/oss-sec/2018/q2/122 http://www.securityfocus.com/bid/104214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121 https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •