A flaw was found where procps-ng provides wrappers for standard C allocators that took unsigned int
instead of size_t
parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124.