What is the vulnerability ID?

The vulnerability ID is CVE-2022-39377.

What is the severity of CVE-2022-39377?

The severity of CVE-2022-39377 is high.

What is the affected software?

The affected software includes sysstat versions 9.1.16 to 12.6.1, Debian Linux 10.0, and Fedora 35, 36, and 37.

What is the CWE ID of CVE-2022-39377?

The CWE ID of CVE-2022-39377 is CWE-120 and CWE-131.

Are there any references available for CVE-2022-39377?

Yes, there are references available for CVE-2022-39377. You can find them [here](https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x), [here](https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html), and [here](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ/).

Vulnerability/
CVE-2022-39377

high

7.8

CWE

120 131

8/11/2022

1/2/2023

CVE-2022-39377

First published: Tue Nov 08 2022(Updated: )

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Sysstat Project Sysstat	>=9.1.6<12.6.1
Debian Debian Linux	=10.0
Fedoraproject Fedora	=35
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2022-39377.
What is the severity of CVE-2022-39377?
The severity of CVE-2022-39377 is high.
What is the affected software?
The affected software includes sysstat versions 9.1.16 to 12.6.1, Debian Linux 10.0, and Fedora 35, 36, and 37.
What is the CWE ID of CVE-2022-39377?
The CWE ID of CVE-2022-39377 is CWE-120 and CWE-131.
Are there any references available for CVE-2022-39377?
Yes, there are references available for CVE-2022-39377. You can find them [here](https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x), [here](https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html), and [here](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6F26ALXWYHT4LN2AHPZM34OQEXTJE3JZ/).

collector/nvd-index
agent/references
agent/author
agent/severity
vendor/sysstat project
canonical/sysstat project sysstat
version/sysstat project sysstat/9.1.6
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/35
version/fedoraproject fedora/36
version/fedoraproject fedora/37

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.