mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-22 22:19:39 +02:00
0xMarcio
875 B
875 B
CVE-2018-1125
Description
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
POC
Reference
- http://seclists.org/oss-sec/2018/q2/122
- https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt