CVE-2023-4016

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4016
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4016.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4016
Related
Published
2023-08-02T05:15:09Z
Modified
2024-12-05T15:39:54.483655Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

References

Affected packages

Alpine:v3.15 / procps

Package

Name
procps
Purl
pkg:apk/alpine/procps?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.17-r1

Affected versions

3.*

3.2.8-r0
3.2.8-r1
3.2.8-r2
3.3.4-r0
3.3.4-r1
3.3.6-r0
3.3.8-r0
3.3.9-r0
3.3.9-r1
3.3.9-r2
3.3.9-r3
3.3.12-r0
3.3.12-r1
3.3.12-r2
3.3.12-r3
3.3.12-r4
3.3.12-r5
3.3.15-r0
3.3.15-r1
3.3.16-r0
3.3.17-r0

Alpine:v3.16 / procps

Package

Name
procps
Purl
pkg:apk/alpine/procps?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.17-r2

Affected versions

3.*

3.2.8-r0
3.2.8-r1
3.2.8-r2
3.3.4-r0
3.3.4-r1
3.3.6-r0
3.3.8-r0
3.3.9-r0
3.3.9-r1
3.3.9-r2
3.3.9-r3
3.3.12-r0
3.3.12-r1
3.3.12-r2
3.3.12-r3
3.3.12-r4
3.3.12-r5
3.3.15-r0
3.3.15-r1
3.3.16-r0
3.3.17-r0
3.3.17-r1

Alpine:v3.17 / procps

Package

Name
procps
Purl
pkg:apk/alpine/procps?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.17-r3

Affected versions

3.*

3.2.8-r0
3.2.8-r1
3.2.8-r2
3.3.4-r0
3.3.4-r1
3.3.6-r0
3.3.8-r0
3.3.9-r0
3.3.9-r1
3.3.9-r2
3.3.9-r3
3.3.12-r0
3.3.12-r1
3.3.12-r2
3.3.12-r3
3.3.12-r4
3.3.12-r5
3.3.15-r0
3.3.15-r1
3.3.16-r0
3.3.17-r0
3.3.17-r1
3.3.17-r2

Alpine:v3.18 / procps-ng

Package

Name
procps-ng
Purl
pkg:apk/alpine/procps-ng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.4-r0

Affected versions

4.*

4.0.3-r0
4.0.3-r1

Alpine:v3.19 / procps-ng

Package

Name
procps-ng
Purl
pkg:apk/alpine/procps-ng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.4-r0

Affected versions

4.*

4.0.3-r0
4.0.3-r1
4.0.3-r2

Alpine:v3.20 / procps-ng

Package

Name
procps-ng
Purl
pkg:apk/alpine/procps-ng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.4-r0

Affected versions

4.*

4.0.3-r0
4.0.3-r1
4.0.3-r2

Alpine:v3.21 / procps-ng

Package

Name
procps-ng
Purl
pkg:apk/alpine/procps-ng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.4-r0

Affected versions

4.*

4.0.3-r0
4.0.3-r1
4.0.3-r2

Debian:11 / procps

Package

Name
procps
Purl
pkg:deb/debian/procps?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:3.*

2:3.3.17-5
2:3.3.17-6
2:3.3.17-6+hurd.1
2:3.3.17-7
2:3.3.17-7.1

2:4.*

2:4.0.0-1
2:4.0.1~rc3-1
2:4.0.1-1
2:4.0.2-1
2:4.0.2-2
2:4.0.2-3
2:4.0.3-1
2:4.0.3-1+loong64
2:4.0.4-1
2:4.0.4-2
2:4.0.4-3
2:4.0.4-4
2:4.0.4-5
2:4.0.4-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / procps

Package

Name
procps
Purl
pkg:deb/debian/procps?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:4.*

2:4.0.2-3
2:4.0.3-1
2:4.0.3-1+loong64
2:4.0.4-1
2:4.0.4-2
2:4.0.4-3
2:4.0.4-4
2:4.0.4-5
2:4.0.4-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / procps

Package

Name
procps
Purl
pkg:deb/debian/procps?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:4.0.4-1

Affected versions

2:4.*

2:4.0.2-3
2:4.0.3-1
2:4.0.3-1+loong64

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.com/procps-ng/procps

Affected ranges

Type
GIT
Repo
https://gitlab.com/procps-ng/procps
Events

Affected versions

v3.*

v3.3.0
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.13rc1
v3.3.14
v3.3.15
v3.3.16
v3.3.17
v3.3.17rc1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9

v4.*

v4.0.0
v4.0.1
v4.0.1rc1
v4.0.1rc2
v4.0.1rc3
v4.0.2
v4.0.2_rc1
v4.0.3
v4.0.3_rc1