Vulnerability Monitor

CVE-2022-39377


sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and newer but prior to 12.7.1, the allocate_structures function in sa_common.c contains a size_t overflow. The function insufficiently checks bounds before an arithmetic multiplication, allowing the size allocated for the buffer representing system activities to overflow. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.


Published

2022-11-08T20:15:11.193

Last Modified

2024-11-21T07:18:10.127

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-120
    CWE-131
  • Type: Primary
    CWE-131

Affected Vendors & Products
Type              Vendor           Product       Version/Range  Vulnerable?
Application       sysstat_project  sysstat       < 12.6.1       Yes
Operating System  debian           debian_linux  10.0           Yes
Operating System  fedoraproject    fedora        35             Yes
Operating System  fedoraproject    fedora        36             Yes
Operating System  fedoraproject    fedora        37             Yes

References