CVSS3: 7.8 High

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low (Percentile: 25.4%)

libsysstat.so is vulnerable to an integer overflow. The vulnerability exists due to invalid memory allocations in common.c, which allow an attacker to cause an overflow and out-of-bounds reads.

CPE

Name | Operator | Version |
---|---|---|
libsysstat.so | le | 0.1.0 |
sysstat:sid | eq | 12.5.2-2 |
sysstat:sid | eq | 12.4.0-1 |

bugzilla.suse.com/show_bug.cgi?id=1211507
github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0
github.com/sysstat/sysstat/pull/360
lists.debian.org/debian-lts-announce/2023/05/msg00026.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV/