CVE-2018-1126

moderate-risk

Published 2018-05-23

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

Do I need to act?

0.49% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.8/10 Medium

LOCAL / LOW complexity

Affected Products (16)

Procps-Ng

Ubuntu Linux

Debian Linux

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Struxureware Data Center Expert

Affected Vendors

Debian Redhat Canonical Schneider-Electric Procps-Ng Project

References (36)

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html

Mailing List http://seclists.org/oss-sec/2018/q2/122

Third Party Advisory http://www.securityfocus.com/bid/104214

Third Party Advisory http://www.securitytracker.com/id/1041057

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1700

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1777

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:1820

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2267

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:2268

https://access.redhat.com/errata/RHSA-2019:1944

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126

Third Party Advisory https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+Struxur...

Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html

Third Party Advisory https://usn.ubuntu.com/3658-1/

Third Party Advisory https://usn.ubuntu.com/3658-2/

Third Party Advisory https://www.debian.org/security/2018/dsa-4208

Exploit https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html

and 16 more references

/ 100

moderate-risk

Severity 16/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 18/34 · Moderate