
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

18 May 2023 — sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. • https://github.com/sysstat/sysstat/pull/360 • CWE-190: Integer Overflow or Wraparound • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 • EPSS: 1% • CPEs: 5 • EXPL: 1

08 Nov 2022 — sysstat is a set of system performance tools for the Linux operating system. On 32-bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1. • https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-131: Incorrect Calculation of Buffer Size

CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 1

11 Dec 2019 — sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. It was discovered that Sysstat incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10. • https://github.com/sysstat/sysstat/issues/242 • CWE-415: Double Free

CVSS: 5.5 • EPSS: 0% • CPEs: 9 • EXPL: 1

09 Sep 2019 — sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. An integer overflow vulnerability was found in sysstat in the way the `sadf` command processes the contents of data files created by the `sar` command. A local attacker could exploit this flaw by creating a specially crafted file with m... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html • CWE-190: Integer Overflow or Wraparound • CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Nov 2018 — An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. • https://github.com/sysstat/sysstat/issues/199 • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Nov 2018 — An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf. • http://www.securityfocus.com/bid/106010 • CWE-125: Out-of-bounds Read