Atop 2.11 heap problems
a year ago
- #vulnerability
- #atop
- #security
- Atop 2.11 has a vulnerability (CVE-2025-31160) related to heap problems.
- The issue arises when atop connects to the 'atopgpud' daemon's TCP port during initialization.
- A malicious program listening on the same port can send unexpected strings, causing parsing failures and segmentation faults.
- The vulnerability has been present since atop 2.4.0.
- Solutions include: atop no longer connects to the TCP port by default (use the '-k' flag to enable it), string parsing is improved when '-k' is used, and atop no longer searches for 'netatop' or 'netatop-bpf' by default (use the '-K' flag to enable it).
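
Because the flaw depends on some other program answering on the port atop expects 'atopgpud' to own, a host check can confirm who actually holds that listener. The script below is an added example, not code from atop or from the original post: it parses `ss -H -ltnp` output, and the port value, the expected process name and the sample lines are assumptions constructed for illustration.

```python
import re

# Matches one owner entry in the ss "users:" column, e.g. ("name",pid=1,fd=3)
_OWNER = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')


def audit_listeners(ss_output, port, expected=("atopgpud",)):
    """Return (address, process, pid, reason) for each suspect listener on port.

    ss_output is the text of `ss -H -ltnp`; expected holds the process names
    allowed to own the port (assumed to be "atopgpud" here).
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if "LISTEN" not in fields:
            continue  # header line, blank line, or non-listening socket
        i = fields.index("LISTEN")
        if len(fields) < i + 4:
            continue  # truncated line, no local address column
        addr, _, lport = fields[i + 3].rpartition(":")
        if lport != str(port):
            continue
        owners = [(m["name"], int(m["pid"])) for m in _OWNER.finditer(line)]
        if not owners:
            # Without root, ss hides sockets owned by other users' processes.
            findings.append((addr, None, None, "owner not visible"))
        for name, pid in owners:
            if name not in expected:
                findings.append((addr, name, pid, "unexpected owner"))
    return findings


# Constructed sample input; port 50000 is a placeholder, not atopgpud's port.
HEALTHY = 'LISTEN 0 5 127.0.0.1:50000 0.0.0.0:* users:(("atopgpud",pid=812,fd=3))\n'
SUSPECT = (
    'LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))\n'
    'LISTEN 0 1 0.0.0.0:50000 0.0.0.0:* users:(("nc",pid=4411,fd=3))\n'
)
UNOWNED = 'LISTEN 0 1 [::1]:50000 [::]:*\n'

if __name__ == "__main__":
    for label, text in (("healthy", HEALTHY), ("suspect", SUSPECT), ("unowned", UNOWNED)):
        print(label, audit_listeners(text, 50000))
```

A process name is easy to spoof, so treat an empty result as a hint only and confirm the reported PID's executable path and owning user before trusting the listener.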