CVE-2023-4016: ps buffer overflow

NIST has published CVE-2023-4016 with the following description:

"Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap."

There is only one reference to the procps project without any patch or code details.

  • Are you aware of this issue and is it valid?
  • Could you reference a commit that fixes the problem?

References:

  • https://nvd.nist.gov/vuln/detail/CVE-2023-4016
  • https://gitlab.com/procps-ng/procps