7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
71.6%
Software: sysstat 12.7.2
OS: ROSA-CHROME
package_evr_string: sysstat-12.7.2-1.src.rpm
CVE-ID: CVE-2022-39377
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: On 32-bit systems in versions 9.1.16 and newer but before 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function does not sufficiently check bounds before arithmetic multiplication, allowing an overflow of the size allocated to the buffer representing system actions. This problem may lead to remote code execution (RCE).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update sysstat
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
71.6%