CVE-2023-4016 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.5 LOW	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
trellix	CNA	2.5 LOW	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vendor	Product	Version
procps_project	procps	3.3.0 ≤ 𝑥 ≤ 4.0.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

procps

bullseye	no-dsa
bookworm	no-dsa
buster	postponed
sid	2:4.0.4-6 fixed
trixie	2:4.0.4-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

procps

oracular	not-affected
noble	not-affected
mantic	Fixed 2:4.0.3-1ubuntu1.23.10.1 released
lunar	Fixed 2:4.0.3-1ubuntu1.23.04.1 released
jammy	Fixed 2:3.3.17-6ubuntu2.1 released
focal	Fixed 2:3.3.16-1ubuntu2.4 released
bionic	Fixed 2:3.3.12-3ubuntu1.2+esm1 released
xenial	Fixed 2:3.3.10-4ubuntu2.5+esm1 released
trusty	ignored

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://gitlab.com/procps-ng/procps

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/

https://gitlab.com/procps-ng/procps

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/