Severity Medium
Remote No
Type Arbitrary code execution
A potential stack-based buffer overflow has been found in the pgrep utility of procps-ng <= 3.3.14. If the strlen() of one of the cmdline arguments is greater than INT_MAX (it is possible), then the "int bytes" could wrap around completely, back to a very large positive int, and the next strncat() would be called with a huge number of destination bytes (a stack-based buffer overflow).
Fortunately, every distribution that we checked compiles its procps utilities with FORTIFY, and the fortified strncat() detects and aborts the buffer overflow before it occurs.
Group Package Affected Fixed Severity Status Ticket
AVG-705 procps-ng 3.3.14-1 3.3.15-1 Medium Fixed
Related patch in Qualys' tarball: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch