Описание
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | procps | Will not fix | ||
| Red Hat Enterprise Linux 6 | procps | Will not fix | ||
| Red Hat Enterprise Linux 7 | procps-ng | Will not fix | ||
| Red Hat Enterprise Linux 8 | procps-ng | Not affected |
Показывать по
Дополнительная информация
Статус:
3.9 Low
CVSS3
Связанные уязвимости
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
procps-ng before version 3.3.15 is vulnerable to a denial of service i ...
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Уязвимость набора утилит командной строки procps-ng, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю повысить свои привилегии
3.9 Low
CVSS3