What is CVE-2018-1126?

CVE-2018-1126 is a medium-severity vulnerability in Procps-ng_project Procps-ng, classified under Integer Overflow or Wraparound. CVSS score: 4.8/10. Published 2018-05-23.

How severe is CVE-2018-1126?

Medium severity. CVSS v3 base score is 4.8 out of 10.

Integer overflow in Procps-ng_project Procps-ng

CVE-2018-1126

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

Vulnerability class: Integer Overflow

EPSS: 0.020 (78.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L.

Affected products

Procps-ng_project Procps-ng
Schneider-electric Struxureware_data_center_expert
[Unknown] Procps-ng, Procps — versions procps-ng 3.3.15
Canonical Ubuntu_linux — versions 14.04, 16.04, 17.10
Debian Debian_linux — versions 7.0, 8.0, 9.0
Redhat Enterprise_linux — versions 7.0
Redhat Enterprise_linux_desktop — versions 7.0
Redhat Enterprise_linux_server — versions 7.0, 7.5
Redhat Enterprise_linux_server_aus — versions 6.6
Redhat Enterprise_linux_server_tus — versions 6.6

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2018-1126?: CVE-2018-1126 is a medium-severity vulnerability in Procps-ng_project Procps-ng, classified under Integer Overflow or Wraparound. CVSS score: 4.8/10. Published 2018-05-23.
How severe is CVE-2018-1126?: Medium severity. CVSS v3 base score is 4.8 out of 10.