CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-33204 – sysstat: check_overflow() function can work incorrectly that lead to an overflow
https://notcve.org/view.php?id=CVE-2023-33204
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. A vulnerability was found in sysstat. This security flaw happens because it allows a multiplication integer overflow in check_overflow in common.c. This issue exists due to an incomplete fix for CVE-2022-39377. • https://github.com/sysstat/sysstat/pull/360 https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV https://access.redhat.com/security/cve/CVE-2023-33204 https://bugzilla.redhat.com/show_bug.cgi?id=2208270 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-39377 – sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow
https://notcve.org/view.php?id=CVE-2022-39377
sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. sysstat es un conjunto de herramientas de rendimiento del System para el sistema operativo Linux. • https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X6WKTODOUDV6M3HZMASYNZP6EM4N7W4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHUVUDIVDJZ7AVXD3XX3NBXXXKPOKN3N https://security.gentoo.org& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-19725
https://notcve.org/view.php?id=CVE-2019-19725
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. sysstat versiones hasta 12.2.0, presenta una doble liberación en la función check_file_actlst en el archivo sa_common.c. • https://github.com/sysstat/sysstat/issues/242 https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://security.gentoo.org/glsa/202007-22 https://usn.ubuntu.com/4242-1 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2019-16167 – sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
https://notcve.org/view.php?id=CVE-2019-16167
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. sysstat versiones anteriores a 12.1.6, presenta una corrupción de la memoria debido a un desbordamiento de enteros en la función remap_struct() en el archivo sa_common.c. An integer overflow vulnerability was found in sysstat in the way the `sadf` command processes the contents of data files created by the `sar` command. A local attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, causes the application to crash. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6 https://github.com/sysstat/sysstat/issues/230 https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3 https://usn.ubuntu.com/4242-1 https://access&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19517
https://notcve.org/view.php?id=CVE-2018-19517
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. Se ha descubierto un problema en sysstat 12.1.1. La función remap_struct en sa_common.c tiene una lectura fuera de límites durante una llamada memset, como se demuestra en sadf. • https://github.com/sysstat/sysstat/issues/199 • CWE-125: Out-of-bounds Read •