CVE-2023-4016 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.5 LOW	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Affected Products (NVD)

Vendor	Product	Version
procps_project	procps	3.3.0 ≤ 𝑥 ≤ 4.0.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

procps

bookworm	no-dsa
bullseye	no-dsa
buster	postponed
sid	2:4.0.4-6 fixed
trixie	2:4.0.4-6 fixed

Ubuntu Releases

Ubuntu Product

Codename

procps

bionic	Fixed 2:3.3.12-3ubuntu1.2+esm1 released
focal	Fixed 2:3.3.16-1ubuntu2.4 released
jammy	Fixed 2:3.3.17-6ubuntu2.1 released
lunar	Fixed 2:4.0.3-1ubuntu1.23.04.1 released
mantic	Fixed 2:4.0.3-1ubuntu1.23.10.1 released
noble	not-affected
oracular	not-affected
trusty	ignored
xenial	Fixed 2:3.3.10-4ubuntu2.5+esm1 released

openSUSE / SLES Releases

openSUSE Product

Release

libprocps3

suse enterprise sap 12 SP5	3.3.9-11.27.1 fixed
suse enterprise server 12 SP3	3.3.9-11.33.1 fixed
suse enterprise server 12 SP5	3.3.9-11.33.1 fixed

libprocps7

suse enterprise desktop 15 SP4	3.3.15-150000.7.34.1 fixed
suse enterprise desktop 15 SP5	3.3.15-150000.7.34.1 fixed
suse enterprise sap 15 SP4	3.3.15-150000.7.34.1 fixed
suse enterprise sap 15 SP5	3.3.15-150000.7.34.1 fixed
suse enterprise server 15 SP4	3.3.15-150000.7.34.1 fixed
suse enterprise server 15 SP5	3.3.15-150000.7.34.1 fixed

libprocps8

suse enterprise desktop 15 SP6	3.3.17-150000.7.42.1 fixed
suse enterprise desktop 15 SP7	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP3	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP4	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP5	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP6	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP7	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP2	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP3	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP4	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP5	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP6	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP7	3.3.17-150000.7.42.1 fixed

procps

suse enterprise desktop 15 SP4	3.3.15-150000.7.34.1 fixed
suse enterprise desktop 15 SP5	3.3.15-150000.7.34.1 fixed
suse enterprise desktop 15 SP6	3.3.15-150000.7.34.1 fixed
suse enterprise desktop 15 SP7	3.3.17-150000.7.42.1 fixed
suse enterprise sap 12 SP5	3.3.9-11.27.1 fixed
suse enterprise sap 15 SP3	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP4	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP5	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP6	3.3.15-150000.7.34.1 fixed
suse enterprise sap 15 SP7	3.3.17-150000.7.42.1 fixed
suse enterprise server 12 SP3	3.3.9-11.33.1 fixed
suse enterprise server 12 SP5	3.3.9-11.33.1 fixed
suse enterprise server 15 SP2	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP3	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP4	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP5	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP6	3.3.15-150000.7.34.1 fixed
suse enterprise server 15 SP7	3.3.17-150000.7.42.1 fixed

procps-devel

suse enterprise desktop 15 SP4	3.3.15-150000.7.34.1 fixed
suse enterprise desktop 15 SP5	3.3.15-150000.7.34.1 fixed
suse enterprise desktop 15 SP6	3.3.15-150000.7.34.1 fixed
suse enterprise desktop 15 SP7	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP3	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP4	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP5	3.3.17-150000.7.42.1 fixed
suse enterprise sap 15 SP6	3.3.15-150000.7.34.1 fixed
suse enterprise sap 15 SP7	3.3.17-150000.7.42.1 fixed
suse enterprise server 12 SP5	3.3.9-11.33.1 fixed
suse enterprise server 15 SP2	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP3	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP4	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP5	3.3.17-150000.7.42.1 fixed
suse enterprise server 15 SP6	3.3.15-150000.7.34.1 fixed
suse enterprise server 15 SP7	3.3.17-150000.7.42.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

procps-ng

RHEL 8	0:3.3.15-14.el8 fixed
RHEL 9	0:3.3.17-13.el9 fixed

procps-ng-devel

RHEL 8	0:3.3.15-14.el8 fixed
RHEL 9	0:3.3.17-13.el9 fixed

procps-ng-i18n

RHEL 8	0:3.3.15-14.el8 fixed
RHEL 9	0:3.3.17-13.el9 fixed

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://gitlab.com/procps-ng/procps

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/

https://gitlab.com/procps-ng/procps

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/