VDB
CISA-2018-1125
CISA-2018-1125
PUBLISHED
CVSS 4.4 MEDIUM
Reported by redhat · Published May 23, 2018
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
Risk Scores
CVSS 3.0
4.4
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| [UNKNOWN] | procps-ng, procps | procps-ng 3.3.15 |
| [UNKNOWN] | procps-ng, procps | procps-ng 3.3.15, procps-ng 3.3.15 |
Timeline
- May 23, 2018 CVE Published
- Dec 17, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- x_refsource_CONFIRM
- USN-3658-1 vendor-advisoryx_refsource_UBUNTU
- DSA-4208 vendor-advisoryx_refsource_DEBIAN
- [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update mailing-listx_refsource_MLIST
- USN-3658-3 vendor-advisoryx_refsource_UBUNTU
- 104214 vdb-entryx_refsource_BID
- [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report mailing-listx_refsource_MLIST
- x_refsource_MISC
- openSUSE-SU-2019:2376 vendor-advisoryx_refsource_SUSE
- openSUSE-SU-2019:2379 vendor-advisoryx_refsource_SUSE