CVE-2018-1126 — MEDIUM (4.8)

Q: What is CVE-2018-1126?

CVE-2018-1126 is a vulnerability with a CVSS score of 4.8 (MEDIUM). procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

Q: How severe is CVE-2018-1126?

CVE-2018-1126 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1126?

Check the references section above for vendor advisories and patch information. Affected products include: Procps-Ng Project Procps-Ng, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Procps-Ng Project	Procps-Ng	< 3.3.15
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	7.0
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	6.6
Redhat	Enterprise Linux Server Tus	6.6
Redhat	Enterprise Linux Workstation	7.0
Schneider-Electric	Struxureware Data Center Expert	< 7.6.0

Related Weaknesses (CWE)

CWE-190

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
http://seclists.org/oss-sec/2018/q2/122Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/104214Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1041057Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:1700Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1777Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1820Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2267Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2268Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1944
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1126Issue TrackingThird Party Advisory
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxurThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.htmlThird Party Advisory
https://usn.ubuntu.com/3658-1/Third Party Advisory

FAQ

What is CVE-2018-1126?

CVE-2018-1126 is a vulnerability with a CVSS score of 4.8 (MEDIUM). procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

How severe is CVE-2018-1126?

CVE-2018-1126 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1126?

Check the references section above for vendor advisories and patch information. Affected products include: Procps-Ng Project Procps-Ng, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.