CVE-2019-16167 — Integer Overflow or Wraparound in Project Sysstat

CWE-190 — Integer Overflow or Wraparound CWE-787 — Out-of-bounds Write9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

1.5%

top 18.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sysstat Project Sysstat Debian Sysstat Canonical Ubuntu Linux +3 more

Timeline

PublishedSep 9

Latest updateMay 24

Description

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/sysstat< sysstat 12.1.7-1 (bookworm)

▶NVDsysstat_project/sysstat< 12.1.6

▶Debiansysstat_project/sysstat< 12.1.7-1+3

▶Ubuntusysstat_project/sysstat< 11.2.0-1ubuntu0.3+1

▶NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 10.0, Fedora 31, Ubuntu Linux 16.04, 18.04, 19.04, 19.10

🔴Vulnerability Details

GHSA

GHSA-qx8v-hqmp-3927: sysstat before 12↗2022-05-24

▶

OSV

sysstat vulnerabilities↗2020-01-20

▶

OSV

CVE-2019-16167: sysstat before 12↗2019-09-09

▶

📋Vendor Advisories

Ubuntu

Sysstat vulnerabilities↗2020-01-20

▶

Red Hat

sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c↗2019-08-03

▶

Debian

CVE-2019-16167: sysstat - sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_...↗2019

▶

💬Community

Bugzilla

CVE-2019-16167 sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c [fedora-all]↗2019-11-05

▶

Bugzilla

CVE-2019-16167 sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c↗2019-11-05

▶