{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T16:31:23.037","vulnerabilities":[{"cve":{"id":"CVE-2018-1124","sourceIdentifier":"secalert@redhat.com","published":"2018-05-23T13:29:00.263","lastModified":"2024-11-21T03:59:13.937","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."},{"lang":"es","value":"procps-ng en versiones anteriores a la 3.3.15 es vulnerable a múltiples desbordamientos de enteros que conducen a una corrupción de la memoria dinámica (heap) en la función file2strvec. Esto permite el escalado de privilegios para un atacante local que puede crear entradas en procfs empezando procesos, lo que podría resultar en cierres inesperados o la ejecución de código arbitrario en las utilidades proc ejecutadas por otros usuarios."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"},{"lang":"en","value":"CWE-190"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.15","matchCriteriaId":"9D3B02AD-4269-4FF0-9E2B-C336F3E56A7B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","matchCriteriaId":"9070C9D8-A14A-467F-8253-33B966C16886"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*","matchCriteriaId":"4EB48767-F095-444F-9E05-D9AC345AB803"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*","versionEndExcluding":"7.6.0","matchCriteriaId":"6CB56955-1A47-4F6C-A354-8BBAE7534504"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","matchCriteriaId":"F1E78106-58E6-4D59-990F-75DA575BFAD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","matchCriteriaId":"B620311B-34A3-48A6-82DF-6F078D7A4493"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/oss-sec/2018/q2/122","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/104214","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041057","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1700","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1777","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1820","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2267","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2268","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1944","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2401","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10241","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201805-14","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3658-1/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3658-2/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4208","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/44806/","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/oss-sec/2018/q2/122","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/104214","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041057","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1700","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1777","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1820","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2267","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:2268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:1944","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2401","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10241","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201805-14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3658-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3658-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4208","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/44806/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}