Published: 08/11/2022 Updated: 07/11/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but before 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sysstat project sysstat
debian debian linux 10.0
fedoraproject fedora 35
fedoraproject fedora 36
fedoraproject fedora 37

Synopsis Moderate: sysstat security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for sysstat is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ...

Synopsis Moderate: sysstat security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for sysstat is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...

Debian Bug report logs - #1036294 sysstat: CVE-2023-33204 Package: src:sysstat; Maintainer for src:sysstat is Robert Luberda <robert@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 18 May 2023 19:36:01 UTC Severity: important Tags: security, upstream Found in version sysstat/1261-1 ...

Debian Bug report logs - #1023832 sysstat: CVE-2022-39377: sysstat overflow on 32-bit systems Package: src:sysstat; Maintainer for src:sysstat is Robert Luberda <robert@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 10 Nov 2022 22:21:02 UTC Severity: important Tags: security, upstream ...

sysstat is a set of system performance tools for the Linux operating system On 32 bit systems, in versions 9116 and newer but prior to 1271, allocate_structures contains a size_t overflow in sa_commonc The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocate ...

DescriptionThe MITRE CVE dictionary describes this issue as: sysstat is a set of system performance tools for the Linux operating system On 32 bit systems, in versions 9116 and newer but prior to 1271, allocate_structures contains a size_t overflow in sa_commonc The allocate_structures function insufficiently checks bounds before arithmetic ...

ALAS-2022-255 Amazon Linux 2022 Security Advisory: ALAS-2022-255 Advisory Release Date: 2022-12-06 16:45 Pacific ...

CWE-120 CWE-131 https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://security.gentoo.org/glsa/202211-07 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHUVUDIVDJZ7AVXD3XX3NBXXXKPOKN3N/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X6WKTODOUDV6M3HZMASYNZP6EM4N7W4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ/https://access.redhat.com/errata/RHSA-2023:2800 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALAS-2023-1925.html

CVE-2022-39377

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect