CVSS3 | 7.8 High |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |

CVSS2 | 4.4 Medium |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |

EPSS | 0.004 Low |
---|---|
Percentile | 71.8% |

sysstat is a set of system performance tools for the Linux operating
system. On 32-bit systems, in versions 9.1.16 and newer but prior to
12.7.1, the allocate_structures function in sa_common.c contains a size_t
overflow. The function insufficiently checks bounds before arithmetic
multiplication, allowing for an overflow in the size allocated for the
buffer representing system activities. This issue may lead to Remote Code
Execution (RCE). This issue has been patched in version 12.7.1.
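
The bug class described above, as an added illustration in C (not sysstat's code; every name and value here is hypothetical or constructed): a 32-bit size computation that wraps, next to one that rejects the overflow before allocating. `uint32_t` stands in for a 32-bit `size_t` so the wrap reproduces on a 64-bit build host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for size_t on a 32-bit target (assumption for the demo). */
typedef uint32_t size32_t;

/* Unchecked: the product is silently truncated modulo 2^32, so the
 * resulting allocation can be far smaller than the data written to it. */
static size32_t unchecked_size(size32_t item_size, size32_t item_count)
{
    return item_size * item_count;
}

/* Checked: stores the product and returns 0, or returns -1 when either
 * factor is zero or the product would not fit in 32 bits. */
static int checked_size(size32_t item_size, size32_t item_count,
                        size32_t *out)
{
    if (item_size == 0 || item_count == 0)
        return -1;
    if (item_count > UINT32_MAX / item_size)
        return -1;
    *out = item_size * item_count;
    return 0;
}

/* Allocate a zeroed buffer only when the size computation is sound. */
static void *alloc_records(size32_t item_size, size32_t item_count)
{
    size32_t total;
    if (checked_size(item_size, item_count, &total) != 0)
        return NULL;
    return calloc(1, (size_t)total);
}

int main(void)
{
    /* Constructed values: 0x10000 * 0x10001 = 2^32 + 0x10000. */
    size32_t size = 0x10000u, count = 0x10001u;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(size, count));
    printf("checked:   %s\n", alloc_records(size, count) ? "ok" : "rejected");
    void *p = alloc_records(64, 128);
    printf("small:     %s\n", p ? "ok" : "rejected");
    free(p);
    return 0;
}
```
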
Author | Note |
---|---|
rodrigo-zaiden | incomplete fix for this CVE caused CVE-2023-33204. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | sysstat | < 11.6.1-1ubuntu0.2 | UNKNOWN |
ubuntu | 20.04 | noarch | sysstat | < 12.2.0-2ubuntu0.2 | UNKNOWN |
ubuntu | 22.04 | noarch | sysstat | < 12.5.2-2ubuntu0.1 | UNKNOWN |
ubuntu | 22.10 | noarch | sysstat | < 12.5.6-1ubuntu0.1 | UNKNOWN |
ubuntu | 23.04 | noarch | sysstat | < 12.5.6-1ubuntu1 | UNKNOWN |
ubuntu | 14.04 | noarch | sysstat | < 10.2.0-1ubuntu0.1~esm1 (available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | sysstat | < 11.2.0-1ubuntu0.3+esm1 (available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
launchpad.net/bugs/cve/CVE-2022-39377
nvd.nist.gov/vuln/detail/CVE-2022-39377
security-tracker.debian.org/tracker/CVE-2022-39377
ubuntu.com/security/notices/USN-5735-1
ubuntu.com/security/notices/USN-5748-1
ubuntu.com/security/notices/USN-6145-1
www.cve.org/CVERecord?id=CVE-2022-39377