RVD#1490: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption which could result in crashes or arbitrary code execution

[rvd-bot]

{
    "id": 1490,
    "title": "RVD#1490: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption which could result in crashes or arbitrary code execution",
    "type": "vulnerability",
    "description": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
    "cwe": "CWE-190",
    "cve": "CVE-2018-1124",
    "keywords": [
        "procps",
        "proc"
    ],
    "system": "URx",
    "vendor": "Universal Robots",
    "severity": {
        "rvss-score": 8.3,
        "rvss-vector": "RVSS:1.0/AV:L/AC:L/PR:L/UI:N/Y:T/S:U/C:H/I:H/A:H/H:U",
        "severity-description": "high",
        "cvss-score": 7.8,
        "cvss-vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
    },
    "links": [
        "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1124",
        "https://seclists.org/oss-sec/2018/q2/122",
        "https://github.com/aliasrobotics/RVD/issues/1490"
    ],
    "flaw": {
        "phase": "testing",
        "specificity": "general issue",
        "architectural-location": "platform code",
        "application": "proc pseudo filesystem",
        "subsystem": "N/A",
        "package": "procps 1:3.3.3-3 i386",
        "languages": "C",
        "date-detected": null,
        "detected-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
        "detected-by-method": "N/A",
        "date-reported": "2020-04-03",
        "reported-by": "Qualys Security Advisory, Alias Robotics S.L.",
        "reported-by-relationship": "N/A",
        "issue": "https://github.com/aliasrobotics/RVD/issues/1490",
        "reproducibility": "Always",
        "trace": "N/A",
        "reproduction": "N/A",
        "reproduction-image": "N/A"
    },
    "exploitation": {
        "description": "An attacker can exploit an integer overflow in libprocps's file2strvec() function and carry out an LPE when another user, administrator, or script executes a vulnerable utility.",
        "exploitation-image": "N/A",
        "exploitation-vector": "N/A"
    },
    "mitigation": {
        "description": "sudo apt-get --assume-yes install --only-upgrade procps",
        "pull-request": "https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20",
        "date-mitigation": null
    }
}