CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score: 8.7 High
Confidence: High
EPSS: 0.005 Low
Percentile: 76.6%
Software: sysstat 11.7.3
OS: ROSA Virtualization 2.1
package_evr_string: sysstat-11.7.3-9.rv3
CVE-ID: CVE-2022-39377
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: sysstat is a set of system performance enhancement tools for the Linux operating system. On 32-bit systems, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function does not sufficiently check bounds before arithmetic multiplication, resulting in an overflow of the size allocated to the buffer representing system actions. This problem can lead to remote code execution (RCE).
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command yum update sysstat
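The overflow class described in CVE-DESC, as an added example that is not sysstat's code: an allocation size computed by multiplication wraps when size_t is 32 bits wide, and a bounds check before each multiplication rejects it. The type size32_t, the function names, the three-factor shape and the sample values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: size_t as on a 32-bit build, modelled with uint32_t so the
   wrap-around reproduces on a 64-bit host as well. */
typedef uint32_t size32_t;

/* Unchecked form: the product is reduced modulo 2^32, so a huge logical
   size can turn into a tiny allocation size. */
static size32_t unchecked_size(size32_t item, size32_t n1, size32_t n2)
{
    return item * n1 * n2;
}

/* Checked form: test each factor against the remaining headroom before
   multiplying; return false instead of a wrapped size. */
static bool checked_size(size32_t item, size32_t n1, size32_t n2,
                         size32_t *out)
{
    if (item == 0 || n1 == 0 || n2 == 0) {
        *out = 0;
        return true;
    }
    if (n1 > UINT32_MAX / item)
        return false;               /* item * n1 would wrap */
    size32_t partial = item * n1;
    if (n2 > UINT32_MAX / partial)
        return false;               /* partial * n2 would wrap */
    *out = partial * n2;
    return true;
}

int main(void)
{
    /* Constructed values: 24 * 178956971 = 2^32 + 8. */
    size32_t item = 24, n1 = 178956971u, n2 = 1, size = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)unchecked_size(item, n1, n2));
    if (!checked_size(item, n1, n2, &size))
        printf("checked: rejected, product does not fit in 32 bits\n");
    return 0;
}
```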