Bug 2228494 (CVE-2023-4016)
Summary: | CVE-2023-4016 procps: ps buffer overflow | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | albert, dfreiber, jburrell, jrybar, rogbas, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | procps 4.0.4rc1 | Doc Type: | If docs needed, set a value |
Doc Text: | A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with "ps" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service. | | |
Bug Depends On: | 2228503, 2228504, 2229182, 2229183, 2230186 | | |
Bug Blocks: | 2228501 | | |

Description
Avinash Hanwate
2023-08-02 13:24:06 UTC
So far nobody knows anything, not even the upstream, and the reporter hasn't sent any analysis yet, so there is no information on where the issue is and how it can be fixed.
https://gitlab.com/procps-ng/procps/-/issues/297#note_1496932093

Created procps-ng tracking bugs for this issue:

Affects: fedora-all [bug 2230186]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2023:6705 https://access.redhat.com/errata/RHSA-2023:6705

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2023:7187 https://access.redhat.com/errata/RHSA-2023:7187