Procps Ngproject Procps Ng
By the Year
In 2024 there have been 0 vulnerabilities in Procps Ngproject Procps Ng . Procps Ng did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 5 | 7.92 |
It may take a day or so for new Procps Ng vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Procps Ngproject Procps Ng Security Vulnerabilities
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top
CVE-2018-1122
7 - High
- May 23, 2018
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow
CVE-2018-1123
7.5 - High
- May 23, 2018
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Heap-based Buffer Overflow
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep
CVE-2018-1125
7.5 - High
- May 23, 2018
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
Memory Corruption
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function
CVE-2018-1124
7.8 - High
- May 23, 2018
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Memory Corruption
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc
CVE-2018-1126
9.8 - Critical
- May 23, 2018
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
Integer Overflow or Wraparound
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Workstation or by Procps Ngproject? Click the Watch button to subscribe.
