MidnightBSD

Advisories for sysstat_project

CVE-2018-19416 MEDIUM

An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
sysstat_project sysstat 12.1.1
CVE-2018-19517 MEDIUM

An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
sysstat_project sysstat 12.1.1
CVE-2019-16167 MEDIUM

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
fedoraproject fedora 31
sysstat_project sysstat *
canonical ubuntu_linux 16.04
opensuse leap 15.0
opensuse leap 15.1
canonical ubuntu_linux 19.10
debian debian_linux 10.0
canonical ubuntu_linux 19.04
CVE-2019-19725 HIGH

sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-415,

Products Affected

Vendor Product Version
canonical ubuntu_linux 18.04
sysstat_project sysstat *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
debian debian_linux 10.0
canonical ubuntu_linux 19.04
CVE-2022-39377

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Products Affected

Vendor Product Version
sysstat_project sysstat *
fedoraproject fedora 35
fedoraproject fedora 36
fedoraproject fedora 37
debian debian_linux 10.0
CVE-2023-33204

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.

Products Affected

Vendor Product Version
sysstat_project sysstat *
fedoraproject fedora 38
fedoraproject fedora 37
debian debian_linux 10.0