Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-4016
HistoryAug 02, 2023 - 12:00 a.m.

CVE-2023-4016

2023-08-0200:00:00
ubuntu.com
ubuntu.com
12
cve-2023-4016; unfiltered data; process heap; "ps" utility; minor dos; memory consumption.

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

9.0%

Under some circumstances, this weakness allows a user who has access to run
the “ps” utility on a machine, the ability to write almost unlimited
amounts of unfiltered data into the process heap.

Bugs

Notes

Author Note
Priority reason: Minor DoS allowing a user to consume memory in an uncommon configuration
mdeslaur A user having access to the “ps” utility can consume memory. Having users able to access ps and not consume memory in other ways is a pretty unrealistic scenario.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchprocps< 2:3.3.12-3ubuntu1.2+esm1UNKNOWN
ubuntu20.04noarchprocps< 2:3.3.16-1ubuntu2.4UNKNOWN
ubuntu22.04noarchprocps< 2:3.3.17-6ubuntu2.1UNKNOWN
ubuntu23.04noarchprocps< 2:4.0.3-1ubuntu1.23.04.1UNKNOWN
ubuntu23.10noarchprocps< 2:4.0.3-1ubuntu1.23.10.1UNKNOWN
ubuntu14.04noarchprocps< anyUNKNOWN
ubuntu16.04noarchprocps< 2:3.3.10-4ubuntu2.5+esm1UNKNOWN

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

0.0004 Low

EPSS

Percentile

9.0%