9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.6%
Software: procps-ng 3.3.10
OS: Cobalt 7.9
CVE-ID: CVE-2018-1126.
CVE-Crit: CRITICAL.
CVE-DESC: procps-ng before version 3.3.15 is vulnerable due to incorrect integer size in proc / alloc. *, Which leads to truncation / integer overflow problems. This flaw is related to CVE-2018-1124.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2018-1123
CVE-Crit: HIGH
CVE-DESC: procps-ng before version 3.3.15 is vulnerable to denial of service in ps via mmap buffer overflow. The built-in protection in ps displays a protection page at the end of the buffer overflow, ensuring that the impact of this vulnerability is limited to a failure (temporary denial of service).
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2018-1125
CVE-Crit: HIGH
CVE-DESC: procps-ng before version 3.3.15 is vulnerable to stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY because it includes strncat () in the stack-allocated string. When pgrep is compiled with FORTIFY (as in Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
CVE-STATUS: default
CVE-REV: default
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.6%