VDB

CISA-2018-1125

CISA-2018-1125 PUBLISHED CVSS 4.4 MEDIUM

Reported by redhat · Published May 23, 2018

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

Risk Scores

CVSS 3.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products

VendorProductVersions
[UNKNOWN]procps-ng, procpsprocps-ng 3.3.15
[UNKNOWN]procps-ng, procpsprocps-ng 3.3.15, procps-ng 3.3.15

Timeline

  • May 23, 2018 CVE Published
  • Dec 17, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›