CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.005 Low
Percentile: 76.6%
Software: sysstat 12.7.2
OS: ROSA-CHROME
package_evr_string: sysstat-12.7.2-1.src.rpm
CVE-ID: CVE-2022-39377
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: On 32-bit systems in versions 9.1.16 and newer but before 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function does not sufficiently check bounds before arithmetic multiplication, allowing an overflow of the size allocated to the buffer representing system actions. This problem may lead to remote code execution (RCE).
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update sysstat
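
The bug class named in CVE-DESC, shown as an added illustration that is not sysstat's code: an allocation size computed by multiplication wraps on a 32-bit size_t unless the bounds are checked first. The `record_desc` struct, the function names and the sample values are hypothetical, and `uint32_t` stands in for a 32-bit size_t so the wrap reproduces on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* size_t is 32 bits wide on a 32-bit target; uint32_t reproduces that on any host. */
typedef uint32_t size32_t;

/* Hypothetical descriptor (names are illustrative, not sysstat's). */
struct record_desc {
    uint32_t item_size;   /* bytes per item */
    uint32_t item_count;  /* item count read from untrusted input */
};

/* Unchecked: the product is reduced modulo 2^32, so a huge request
 * can come out as a tiny allocation size. */
size32_t alloc_size_unchecked(const struct record_desc *d)
{
    size32_t n = d->item_size;
    n *= d->item_count;
    return n;
}

/* Checked: compare against UINT32_MAX / count before multiplying.
 * Returns 0 and stores the size on success, -1 if the product would wrap. */
int alloc_size_checked(const struct record_desc *d, size32_t *out)
{
    size32_t n = d->item_size;
    if (d->item_count != 0 && n > UINT32_MAX / d->item_count)
        return -1;
    n *= d->item_count;
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed values: 64 * 0x04000001 = 2^32 + 64. */
    struct record_desc bad = { 64, 0x04000001u };
    struct record_desc ok  = { 64, 16 };
    size32_t n = 0;
    printf("unchecked(bad) = %u bytes\n", (unsigned)alloc_size_unchecked(&bad));
    printf("checked(bad)   = %d\n", alloc_size_checked(&bad, &n));
    int rc = alloc_size_checked(&ok, &n);
    printf("checked(ok)    = %d, size %u\n", rc, (unsigned)n);
    return 0;
}
```

With the unchecked form, a buffer sized from the wrapped value is far smaller than the data later written into it, which is why the check has to precede the multiplication rather than follow the allocation.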