Sysstat Security Vulnerabilities

CVE-2023-33204

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for...

CVE-2022-39377

sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic...

CVE-2018-19517

An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by...

CVE-2019-19725

sysstat through 12.2.0 has a double free in check_file_actlst in...

CVE-2019-16167

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in...

CVE-2018-19416

An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by...

CVE-2007-3852

The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary...

CVE-2004-0108

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than...

CVE-2004-0107

The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than...