procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | procps | < 2:3.3.15-1 | procps_2:3.3.15-1_all.deb |
Debian | 11 | all | procps | < 2:3.3.15-1 | procps_2:3.3.15-1_all.deb |
Debian | 10 | all | procps | < 2:3.3.15-1 | procps_2:3.3.15-1_all.deb |
Debian | 999 | all | procps | < 2:3.3.15-1 | procps_2:3.3.15-1_all.deb |
Debian | 13 | all | procps | < 2:3.3.15-1 | procps_2:3.3.15-1_all.deb |