OpenCVE

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Procps Project	Procps
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:procps_project:procps:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
procps-ng-0:3.3.15-14.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:7187	2023-11-14T00:00:00Z
Red Hat Enterprise Linux 9
procps-ng-0:3.3.17-13.el9	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:6705	2023-11-07T00:00:00Z

References

Link	Providers
https://gitlab.com/procps-ng/procps
https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413
https://gitlab.com/procps-ng/procps/-/issues/297
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/
https://nvd.nist.gov/vuln/detail/CVE-2023-4016
https://www.cve.org/CVERecord?id=CVE-2023-4016
https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016

History

No history.

MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2023-08-02T04:20:20.645Z

Updated: 2024-08-02T07:17:10.954Z

Reserved: 2023-07-31T10:40:24.737Z

Link: CVE-2023-4016

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-08-02T05:15:09.850

Modified: 2024-11-21T08:34:14.073

Link: CVE-2023-4016

Redhat

Severity : Low

Publid Date: 2023-08-02T00:00:00Z

Links: CVE-2023-4016 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4016", "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "state": "PUBLISHED", "assignerShortName": "trellix", "dateReserved": "2023-07-31T10:40:24.737Z", "datePublished": "2023-08-02T04:20:20.645Z", "dateUpdated": "2024-08-02T07:17:10.954Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Linux Kernal ", "vendor": "Linux", "versions": [{"status": "affected", "version": "3.3.0 (might be earlier) - latest"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Berlin, BGU"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Prof. Oded Margalit, BGU and Trellix"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Prof. Gera Weiss, BGU"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Under some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap."}], "value": "Under some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap."}], "impacts": [{"capecId": "CAPEC-9", "descriptions": [{"lang": "en", "value": "CAPEC-9 Buffer Overflow in Local Command-Line Utilities"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808", "shortName": "trellix", "dateUpdated": "2023-08-02T04:20:20.645Z"}, "references": [{"url": "https://gitlab.com/procps-ng/procps"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:10.954Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.com/procps-ng/procps", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:procps_project:procps:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF5C94FB-70FC-4184-AAB1-DEE8A8C957D5", "versionEndIncluding": "4.0.3", "versionStartIncluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Under some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap."}], "id": "CVE-2023-4016", "lastModified": "2024-11-21T08:34:14.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-02T05:15:09.850", "references": [{"source": "trellixpsirt@trellix.com", "tags": ["Product"], "url": "https://gitlab.com/procps-ng/procps"}, {"source": "trellixpsirt@trellix.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://gitlab.com/procps-ng/procps"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/"}], "sourceIdentifier": "trellixpsirt@trellix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "trellixpsirt@trellix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7187", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "procps-ng-0:3.3.15-14.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6705", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "procps-ng-0:3.3.17-13.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "procps: ps buffer overflow", "id": "2228494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228494"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-119->CWE-787", "details": ["Under some circumstances, this weakness allows a user who has access to run the \u201cps\u201d utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.", "A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with \"ps\" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service."], "name": "CVE-2023-4016", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "procps", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "procps-ng", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "procps-ng", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2023-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-4016\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4016\nhttps://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413\nhttps://gitlab.com/procps-ng/procps/-/issues/297\nhttps://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016"], "statement": "The affected package is procps, the command line utility known as \u201cps\u201d used to understand the current state of any running processes. On 32 bit systems it is possible to use specific parameters with the -C option to trigger more memory allocation than should be allowed. As this outcome is restricted to local authenticated users, a malicious user in this situation has far more powerful tools at their disposal to bring down the server, for example by simply turning it off. For this reason Red Hat Product Security rates the impact as Low.", "threat_severity": "Low", "upstream_fix": "procps 4.0.4rc1"}