CVE Catalog

CVE-2023-4016

LowCVSS 2.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

CVE-2023-4016 allows a user with access to run the 'ps' utility on a machine to write almost unlimited amounts of unfiltered data into the process heap.

Risk Assessment

This could lead to memory leaks or other unforeseen system behaviors, posing a risk to the integrity and availability of services.

Recommendation

It is recommended to restrict access to the 'ps' utility and monitor process memory usage to detect potential abuses.

Original NVD description (English source)

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS