CVE-2019-16167
published 2019-09-09
CVE-2019-16167: sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
Priority P421 · medium · 5.5 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.53% (71.7th percentile)
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | sysstat | < sysstat 12.1.7-1 (bookworm) | sysstat 12.1.7-1 (bookworm) |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| sysstat_project | sysstat | < 12.1.6 | 12.1.6 |
| sysstat_project | sysstat | >= 0 < 12.1.7-1 | 12.1.7-1 |
| sysstat_project | sysstat | >= 0 < 12.1.7-1 | 12.1.7-1 |
| sysstat_project | sysstat | >= 0 < 12.1.7-1 | 12.1.7-1 |
| sysstat_project | sysstat | >= 0 < 12.1.7-1 | 12.1.7-1 |
| sysstat_project | sysstat | >= 0 < 11.2.0-1ubuntu0.3 | 11.2.0-1ubuntu0.3 |
| sysstat_project | sysstat | >= 0 < 11.6.1-1ubuntu0.1 | 11.6.1-1ubuntu0.1 |
CVSS provenance
nvd · v3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 5.5 MEDIUM
vendor_debian · 5.5 MEDIUM
vendor_redhat · 5.5 MEDIUM
vendor_ubuntu · 5.5 MEDIUM
Ubuntu
Sysstat vulnerabilities
vendor_ubuntu·2020-01-20·CVSS 5.5
CVE-2019-16167 [MEDIUM] Sysstat vulnerabilities
Title: Sysstat vulnerabilities
Summary: Several security issues were fixed in Sysstat.
It was discovered that Sysstat incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10.
(CVE-2019-16167)
It was discovered that Sysstat incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-19725)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
vendor_redhat·2019-08-03·CVSS 5.5
CVE-2019-16167 [MEDIUM] CWE-190 sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
An integer overflow vulnerability was found in sysstat in the way the `sadf` command processes the contents of data files created by the `sar` command. A local attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, causes the application to crash.
Statement: This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable function, which was introduced in a newer version of the package.
Package: sysstat (Red Hat Enterprise Linux 5) - Not affected
Package: sy
Debian
CVE-2019-16167: sysstat - sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_...
vendor_debian·2019·CVSS 5.5
CVE-2019-16167 [MEDIUM] CVE-2019-16167: sysstat - sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_...
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
Scope: local
bookworm: resolved (fixed in 12.1.7-1)
bullseye: resolved (fixed in 12.1.7-1)
forky: resolved (fixed in 12.1.7-1)
sid: resolved (fixed in 12.1.7-1)
trixie: resolved (fixed in 12.1.7-1)
GHSA
GHSA-qx8v-hqmp-3927: sysstat before 12
ghsa_unreviewed·2022-05-24
CVE-2019-16167 [MEDIUM] CWE-190 GHSA-qx8v-hqmp-3927: sysstat before 12
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
OSV
sysstat vulnerabilities
osv·2020-01-20·CVSS 5.5
CVE-2019-16167 [MEDIUM] sysstat vulnerabilities
It was discovered that Sysstat incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10.
(CVE-2019-16167)
It was discovered that Sysstat incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-19725)
OSV
CVE-2019-16167: sysstat before 12
osv·2019-09-09·CVSS 5.5
CVE-2019-16167 [MEDIUM] CVE-2019-16167: sysstat before 12
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-16167 sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c [fedora-all]
bugzilla·2019-11-05·CVSS 5.5
CVE-2019-16167 [MEDIUM] CVE-2019-16167 sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla
CVE-2019-16167 sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
bugzilla·2019-11-05·CVSS 5.5
CVE-2019-16167 [MEDIUM] CVE-2019-16167 sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
Reference:
https://github.com/sysstat/sysstat/issues/230
Upstream commit:
https://github.com/sysstat/sysstat/commit/edbf507678bf10914e9804ff8a06737fdcb2e781
Discussion:
Created sysstat tracking bugs for this issue:
Affects: fedora-all [bug 1768971]
---
Statement:
This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable function, which was introduced in a newer version of the package.
---
The vulnerable function remap_struct() is used to map structures containing statistics from two different sy
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html
https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6
https://github.com/sysstat/sysstat/issues/230
https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3/
https://usn.ubuntu.com/4242-1/
Published: 2019-09-09