CVE-2019-19725 — Double Free in Sysstat

CWE-415 — Double Free CWE-672 — Operation on a Resource after Expiration or Release9 documents7 sources

Severity

9.8CRITICALNVD

OSV5.5

EPSS

1.0%

top 23.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sysstat Project Sysstat Debian Sysstat Canonical Ubuntu Linux +1 more

Timeline

PublishedDec 11

Latest updateMay 24

Description

sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/sysstat< sysstat 12.2.0-2 (bookworm)

▶Debiansysstat_project/sysstat< 12.2.0-2+3

▶Ubuntusysstat_project/sysstat< 11.2.0-1ubuntu0.3+1

▶NVDsysstat_project/sysstat12.2.0

Also affects: Debian Linux 10.0, Ubuntu Linux 16.04, 18.04, 19.04, 19.10

🔴Vulnerability Details

GHSA

GHSA-25j9-j567-gc6p: sysstat through 12↗2022-05-24

▶

OSV

sysstat vulnerabilities↗2020-01-20

▶

OSV

CVE-2019-19725: sysstat through 12↗2019-12-11

▶

📋Vendor Advisories

Ubuntu

Sysstat vulnerabilities↗2020-01-20

▶

Red Hat

sysstat: double free in check_file_actlst() in sa_common.c may lead to arbitrary code execution↗2019-12-09

▶

Debian

CVE-2019-19725: sysstat - sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.↗2019

▶

💬Community

Bugzilla

CVE-2019-19725 sysstat: double free in check_file_actlst() in sa_common.c may lead to arbitrary code execution [fedora-all]↗2019-12-19

▶

Bugzilla

CVE-2019-19725 sysstat: double free in check_file_actlst() in sa_common.c may lead to arbitrary code execution↗2019-12-18

▶