QwikSec

Security Database

CVE

CWE

Training

CVE-2022-39377

Published: Nov 8, 2022

Modified: Nov 3, 2025

PUBLISHED

CVSS v3.1

7.0

HIGH

Description

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Vendor	Product	Versions
sysstat	sysstat	affected `>= 9.1.16, < 12.7.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x

[debian-lts-announce] 20221113 [SECURITY] [DLA 3188-1] sysstat security update

mailing-list

FEDORA-2022-dbe48a4bc7

vendor-advisory

FEDORA-2022-5adda2d05f

vendor-advisory

FEDORA-2022-9f3af921a5

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.