<p>There is no fixed version for <code>Debian:11</code> <code>sysstat</code>.</p>

Buffer Overflow Affecting sysstat package, versions *

Snyk CVSS

Attack Complexity Low

User Interaction Required

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.35% (72^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DEBIAN11-SYSSTAT-3111673
published 10 Nov 2022
disclosed 8 Nov 2022

Report a new vulnerability Found a mistake?

Introduced: 8 Nov 2022

CVE-2022-39377 Open this link in a new tab CWE-120 Open this link in a new tab CWE-131 Open this link in a new tab

How to fix?

There is no fixed version for Debian:11 sysstat.

NVD Description

Note: Versions mentioned in the description apply only to the upstream sysstat package and not the sysstat package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.