CVE-2018-1126

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

References

Affected packages

Debian:11 / procps

Package

Name: procps
Purl: pkg:deb/debian/procps?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.3.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / procps

Package

Name: procps
Purl: pkg:deb/debian/procps?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.3.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / procps

Package

Name: procps
Purl: pkg:deb/debian/procps?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.3.15-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.com/procps-ng/procps

Affected ranges

Type: GIT
Repo: https://gitlab.com/procps-ng/procps
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7bb949bcba13c107fa0f45d2d0298b1ad6b6d6cc

Affected versions

v3.*

v3.3.0

v3.3.1

v3.3.10

v3.3.11

v3.3.12

v3.3.13

v3.3.13rc1

v3.3.14

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9