CVE-2019-19725
Published 2019-12-11
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
Priority: P3 44 · critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.76% (84.4th percentile)
Affected
13 ranges. Note that the Ubuntu fixed versions listed below (11.2.0-1ubuntu0.3 and 11.6.1-1ubuntu0.1) predate 12.1.7, the release that the Red Hat analysis further down identifies as introducing the flaw; when triaging, go by the distribution's own fixed package version rather than the upstream version threshold.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | sysstat | < sysstat 12.2.0-2 (bookworm) | sysstat 12.2.0-2 (bookworm) |
| sysstat_project | sysstat | <= 12.2.0 | — |
| sysstat_project | sysstat | >= 0 < 12.2.0-2 | 12.2.0-2 |
| sysstat_project | sysstat | >= 0 < 12.2.0-2 | 12.2.0-2 |
| sysstat_project | sysstat | >= 0 < 12.2.0-2 | 12.2.0-2 |
| sysstat_project | sysstat | >= 0 < 12.2.0-2 | 12.2.0-2 |
| sysstat_project | sysstat | >= 0 < 11.2.0-1ubuntu0.3 | 11.2.0-1ubuntu0.3 |
| sysstat_project | sysstat | >= 0 < 11.6.1-1ubuntu0.1 | 11.6.1-1ubuntu0.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | LOW | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |
The NVD 9.8 assumes a network attack vector with no user interaction, but the exploitation path the vendors describe is a victim running sadf (or sar) on an attacker-supplied data file. That is why Debian classes the scope as local and Ubuntu rates it 5.5 medium. Treat the severity in the distribution rows as the distribution's own priority rating rather than one derived from the 9.8 score.
Ubuntu (USN-4242-1)
Sysstat vulnerabilities
vendor_ubuntu · 2020-01-20 · CVSS 5.5 · MEDIUM
Indexed under CVE-2019-16167; the advisory covers both CVE-2019-16167 and CVE-2019-19725.
Summary: Several security issues were fixed in Sysstat.
It was discovered that Sysstat incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. This issue only affected Ubuntu 19.04 and Ubuntu 19.10.
(CVE-2019-16167)
It was discovered that Sysstat incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-19725)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
sysstat: double free in check_file_actlst() in sa_common.c may lead to arbitrary code execution
vendor_redhat · 2019-12-09 · CVSS 9.8 · CRITICAL · CWE-672
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
A double-free vulnerability was found in sysstat in the way the `sadf` command processes the contents of data files created by the `sar` command. Saved binary data files with support for `extra_desc` structures may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, would cause the application to potentially execute arbitrary code.
Statement: This flaw does not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they do not include support for `extra_desc` structures in bina
Debian
CVE-2019-19725: sysstat - sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
vendor_debian · 2019 · CVSS 9.8 · CRITICAL
Scope: local
bookworm: resolved (fixed in 12.2.0-2)
bullseye: resolved (fixed in 12.2.0-2)
forky: resolved (fixed in 12.2.0-2)
sid: resolved (fixed in 12.2.0-2)
trixie: resolved (fixed in 12.2.0-2)
GHSA
GHSA-25j9-j567-gc6p: sysstat through 12
ghsa_unreviewed · 2022-05-24 · HIGH · CWE-415 (Double Free; the Red Hat entry above classifies the same flaw as CWE-672)
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
OSV (mirror of the Ubuntu advisory)
sysstat vulnerabilities
osv · 2020-01-20 · CVSS 5.5 · indexed under CVE-2019-16167 [MEDIUM]
The advisory text is identical to the Ubuntu entry above and is not repeated here.
OSV
CVE-2019-19725: sysstat through 12
osv · 2019-12-11 · CVSS 9.8 · CRITICAL
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
No detection rules found.
No public exploits indexed.
Bugzilla (fedora-all tracking bug)
CVE-2019-19725 sysstat: double free in check_file_actlst() in sa_common.c may lead to arbitrary code execution [fedora-all]
bugzilla · 2019-12-19 · CVSS 9.8 · CRITICAL
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE:
Bugzilla
CVE-2019-19725 sysstat: double free in check_file_actlst() in sa_common.c may lead to arbitrary code execution
bugzilla · 2019-12-18 · CVSS 9.8 · CRITICAL
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
Upstream Issue:
https://github.com/sysstat/sysstat/issues/242
Discussion:
Created sysstat tracking bugs for this issue:
Affects: fedora-all [bug 1785293]
---
Upstream fix:
https://github.com/sysstat/sysstat/commit/a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed
---
The flaw was introduced upstream in version 12.1.7 by an update to sar/sadf that handles a possible new file format in saved binary data files:
https://github.com/sysstat/sysstat/commit/44c826602a3d7d899c728bd9e6c3488397c5009f
More specifically, new code has been included in function check_file_actlst() to check if extra structures (`
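As an added illustration of the bug class the Red Hat description and the Bugzilla analysis above describe, the following C program is not sysstat's code and does not use sysstat's real data-file layout. It models a parser for "extra" records in a saved binary data file whose helper frees the caller's buffer on a malformed record while the caller frees it again on its own error path (CWE-415), next to the one-owner version. A tracked allocator (`tmalloc`/`tfree`, hypothetical names) counts the second free instead of handing it to glibc, which would abort, so the two variants can be compared on a constructed malformed input. The record layout, `EXTRA_TYPE_MAX`, `struct actlst` and every function name are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tracked allocator (hypothetical): a free of a pointer that is no longer
 * live is counted instead of being passed to glibc, which would abort. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];
static int double_frees;

void tracker_reset(void) { memset(live, 0, sizeof live); double_frees = 0; }
int tracker_double_frees(void) { return double_frees; }
int tracker_live(void)
{
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += (live[i] != NULL);
    return n;
}
static void *tmalloc(size_t n)
{
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                    /* NULL, or tracker full: report failure */
    return NULL;
}
static void tfree(void *p)
{
    if (!p) return;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;             /* p was already freed: double free */
}

/* Constructed file layout (not sysstat's): u8 nr_extra, then nr_extra
 * records of { u8 type, u8 len, len payload bytes }; type > 2 is invalid. */
#define EXTRA_TYPE_MAX 2
struct actlst { uint8_t *extra; size_t extra_len; };
typedef int (*read_extra_fn)(const uint8_t *, size_t, size_t *, struct actlst *);

/* Vulnerable helper: on a malformed record it frees a buffer it does not own. */
static int read_extra_vuln(const uint8_t *buf, size_t len, size_t *pos,
                           struct actlst *al)
{
    if (*pos + 2 > len) { tfree(al->extra); return -1; }      /* first free */
    uint8_t type = buf[(*pos)++], rlen = buf[(*pos)++];
    if (type > EXTRA_TYPE_MAX || *pos + rlen > len) {
        tfree(al->extra);                                      /* first free */
        return -1;
    }
    memcpy(al->extra + al->extra_len, buf + *pos, rlen);
    al->extra_len += rlen;
    *pos += rlen;
    return 0;
}

/* Fixed helper: validates and copies only; ownership stays with the caller. */
static int read_extra_fixed(const uint8_t *buf, size_t len, size_t *pos,
                            struct actlst *al)
{
    if (*pos + 2 > len) return -1;
    uint8_t type = buf[(*pos)++], rlen = buf[(*pos)++];
    if (type > EXTRA_TYPE_MAX || *pos + rlen > len) return -1;
    memcpy(al->extra + al->extra_len, buf + *pos, rlen);
    al->extra_len += rlen;
    *pos += rlen;
    return 0;
}

/* Caller: allocates extra (sized to the whole file so copies cannot overflow)
 * and frees it on every exit path. With read_extra_vuln the tfree() below is
 * the second free of a stale pointer; with read_extra_fixed it is the only one. */
static int check_file(const uint8_t *buf, size_t len, read_extra_fn read_extra)
{
    struct actlst al = { tmalloc(len ? len : 1), 0 };
    if (!al.extra) return -1;
    size_t pos = 0;
    uint8_t nr = len ? buf[pos++] : 0;
    int rc = 0;
    for (uint8_t i = 0; i < nr && rc == 0; i++)
        rc = read_extra(buf, len, &pos, &al);
    tfree(al.extra);
    al.extra = NULL;
    return rc;
}

int check_file_actlst_vuln(const uint8_t *buf, size_t len)
{ return check_file(buf, len, read_extra_vuln); }
int check_file_actlst_fixed(const uint8_t *buf, size_t len)
{ return check_file(buf, len, read_extra_fixed); }

int main(void)
{
    static const uint8_t bad[] = { 1, 9, 0 };   /* constructed: invalid type 9 */
    tracker_reset();
    check_file_actlst_vuln(bad, sizeof bad);
    printf("vulnerable: %d double free(s)\n", tracker_double_frees());
    tracker_reset();
    check_file_actlst_fixed(bad, sizeof bad);
    printf("fixed: %d double free(s), %d live\n", tracker_double_frees(), tracker_live());
    return 0;
}
```

The fix follows the one-owner rule: the function that allocates `al.extra` is the only one that frees it, and the helper reports a malformed record without touching ownership. With glibc's real `free` the vulnerable path would abort under the allocator's double-free detection rather than return quietly; the tracker exists only so the difference is observable in a test. The vulnerable caller also passes a stale pointer value after the first free, which is the state an attacker controlling the file contents works from.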
References
https://github.com/sysstat/sysstat/issues/242
https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html
https://security.gentoo.org/glsa/202007-22
https://usn.ubuntu.com/4242-1/