Home > Vulnerability Database > CVE-2022-39377

Mend.io Vulnerability Database

CVE-2022-39377

Good to know:

Date: November 8, 2022

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Language: C

Severity Score

7.8

Related Resources (10)

Url: https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHUVUDIVDJZ7AVXD3XX3NBXXXKPOKN3N/

Url: https://security.gentoo.org/glsa/202211-07

Url: https://security-tracker.debian.org/tracker/CVE-2022-39377

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7X6WKTODOUDV6M3HZMASYNZP6EM4N7W4/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39377

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ/

Url: https://access.redhat.com/security/cve/CVE-2022-39377

Url: https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x

Url: https://www.mend.io/vulnerability-database/CVE-2022-39377

Severity Score

7.8

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Incorrect Calculation of Buffer Size

CWE-131

Top Fix

Upgrade Version

Upgrade to version v12.7.1

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39377

Good to know:

Date: November 8, 2022

Language: C

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?