CVE-2022-39377

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-39377
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-11-08 20:15:00 UTC
Updated2023-11-07 03:50:00 UTC
Descriptionsysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

Risk And Classification

Problem Types: CWE-120 | CWE-131

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Fedoraproject Fedora 35 All All All
Operating System Fedoraproject Fedora 36 All All All
Operating System Fedoraproject Fedora 37 All All All
Application Sysstat Project Sysstat All All All All

References

ReferenceSourceLinkTags
[SECURITY] [DLA 3188-1] sysstat security update MLIST lists.debian.org Mailing List, Third Party Advisory
[SECURITY] Fedora 36 Update: sysstat-12.5.6-2.fc36 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 35 Update: sysstat-12.5.6-2.fc35 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 36 Update: sysstat-12.5.6-2.fc36 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
sysstat overflow on 32-bit systems · Advisory · sysstat/sysstat · GitHub CONFIRM github.com
sysstat: Arbitrary Code Execution (GLSA 202211-07) — Gentoo security GENTOO security.gentoo.org
[SECURITY] Fedora 37 Update: sysstat-12.6.0-4.fc37 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 35 Update: sysstat-12.5.6-2.fc35 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 37 Update: sysstat-12.6.0-4.fc37 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 160627 Oracle Enterprise Linux Security Update for sysstat (ELSA-2023-2234)
  • 160670 Oracle Enterprise Linux Security Update for sysstat (ELSA-2023-2800)
  • 181211 Debian Security Update for sysstat (DLA 3188-1)
  • 181805 Debian Security Update for sysstat (DLA 3434-1)
  • 184228 Debian Security Update for sysstat (CVE-2022-39377)
  • 199052 Ubuntu Security Notification for Sysstat Vulnerability (USN-5748-1)
  • 199402 Ubuntu Security Notification for Sysstat Vulnerabilities (USN-6145-1)
  • 241432 Red Hat Update for sysstat (RHSA-2023:2234)
  • 241475 Red Hat Update for sysstat (RHSA-2023:2800)
  • 283322 Fedora Security Update for sysstat (FEDORA-2022-dbe48a4bc7)
  • 283323 Fedora Security Update for sysstat (FEDORA-2022-5adda2d05f)
  • 283429 Fedora Security Update for sysstat (FEDORA-2022-9f3af921a5)
  • 354394 Amazon Linux Security Advisory for sysstat : ALAS2022-2022-255
  • 354568 Amazon Linux Security Advisory for sysstat : ALAS-2022-255
  • 354726 Amazon Linux Security Advisory for sysstat : ALAS2-2023-1925
  • 355169 Amazon Linux Security Advisory for sysstat : ALAS2023-2023-094
  • 378644 Alibaba Cloud Linux Security Update for sysstat (ALINUX3-SA-2023:0070)
  • 672525 EulerOS Security Update for sysstat (EulerOS-SA-2023-1138)
  • 672554 EulerOS Security Update for sysstat (EulerOS-SA-2023-1114)
  • 672603 EulerOS Security Update for sysstat (EulerOS-SA-2023-1338)
  • 672625 EulerOS Security Update for sysstat (EulerOS-SA-2023-1373)
  • 672640 EulerOS Security Update for sysstat (EulerOS-SA-2023-1401)
  • 672697 EulerOS Security Update for sysstat (EulerOS-SA-2023-1418)
  • 672698 EulerOS Security Update for sysstat (EulerOS-SA-2023-1433)
  • 673289 EulerOS Security Update for sysstat (EulerOS-SA-2023-2629)
  • 673301 EulerOS Security Update for sysstat (EulerOS-SA-2023-2599)
  • 710685 Gentoo Linux sysstat Arbitrary Code Execution Vulnerability (GLSA 202211-07)
  • 904508 Common Base Linux Mariner (CBL-Mariner) Security Update for sysstat (11450)
  • 904638 Common Base Linux Mariner (CBL-Mariner) Security Update for sysstat (11450-1)
  • 904793 Common Base Linux Mariner (CBL-Mariner) Security Update for sysstat (12130)
  • 904800 Common Base Linux Mariner (CBL-Mariner) Security Update for sysstat (12130-1)
  • 905909 Common Base Linux Mariner (CBL-Mariner) Security Update for sysstat (12130-2)
  • 941040 AlmaLinux Security Update for sysstat (ALSA-2023:2234)
  • 941107 AlmaLinux Security Update for sysstat (ALSA-2023:2800)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report