Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2022-39377

Public on 2022-11-08
Modified on 2024-02-12
Description

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Severity
Medium
See what this means
CVSS v3 Base Score
6.7
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core sysstat 2023-01-30 16:02 ALAS2-2023-1925
Amazon Linux 2023 sysstat 2023-02-17 20:47 ALAS2023-2023-094

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv3 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2022-39377 Mitre: CVE-2022-39377 FAQs regarding Amazon Linux ALAS/CVE Severity