The analysis started by looking for commit information related to CVE-2023-4016. Initial attempts to call get_commit_infos with a potentially incorrect GitLab URL failed. Content fetched from NVD and the Fedora mailing lists led to a Bugzilla entry (https://bugzilla.redhat.com/show_bug.cgi?id=2228494), which linked directly to the fixing commit on GitLab and to a mailing list discussion. That discussion (https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016) contained the exact diff of the patch.

The diff showed changes to the parse_list function in src/ps/parser.c. The vulnerability was an integer overflow in the size calculation passed to xmalloc (strlen(arg)*sizeof(sel_union)), which led to a heap buffer overflow when the allocated buffer was written to. The fix counts the number of items correctly and uses xcalloc for the allocation. parse_list is therefore the primary vulnerable function, since it contains the flawed logic; xmalloc is involved because it performs the undersized allocation based on the flawed calculation.
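The sizing flaw and the shape of the fix described above, as an added example (not the procps code or the patch itself). The 32-bit size arithmetic, the 64-byte demo_sel_union, and the function names flawed_size32, count_items and alloc_items are assumptions chosen so the wrap is reproducible on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for sel_union; the 64-byte member is an assumption for the demo. */
typedef union { int pid; unsigned uid; char cmd[64]; } demo_sel_union;

/* Flawed pattern: bytes = string length * element size, no overflow check.
 * Modelled in 32-bit arithmetic so the wrap is visible on any host. */
static uint32_t flawed_size32(uint32_t arg_len, uint32_t elem_size)
{
    return (uint32_t)(arg_len * elem_size);   /* wraps modulo 2^32 */
}

/* Count comma-separated items so the request matches what will be stored. */
static size_t count_items(const char *arg)
{
    size_t items = (*arg != '\0');            /* empty list holds no items */
    for (; *arg; arg++)
        if (*arg == ',')
            items++;
    return items;
}

/* Hardened allocation: refuse a product that cannot fit in size_t, then let
 * calloc multiply and zero the buffer. Returns NULL on overflow or OOM. */
static void *alloc_items(size_t items, size_t elem_size)
{
    if (elem_size != 0 && items > SIZE_MAX / elem_size)
        return NULL;
    return calloc(items, elem_size);
}

int main(void)
{
    uint32_t len = UINT32_C(1) << 26;         /* constructed length, 2^26 */
    const char *list = "1,2,3";               /* constructed sample input */
    printf("flawed request: %u bytes for a %u-byte argument\n",
           (unsigned)flawed_size32(len, sizeof(demo_sel_union)), (unsigned)len);
    void *u = alloc_items(count_items(list), sizeof(demo_sel_union));
    printf("hardened request: %zu items -> %s\n", count_items(list),
           u ? "allocated" : "refused");
    free(u);
    return 0;
}
```

The wrapped product is the undersized request that the allocator would honor without complaint, which is why the check belongs before the allocation call and not in the code that later writes to the buffer.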