CVE-2023-33204 — Integer Overflow or Wraparound in Sysstat

CWE-190 — Integer Overflow or Wraparound CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 91.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sysstat Project Sysstat Debian Sysstat Debian Linux +4 more

Timeline

PublishedMay 18

Latest updateJun 7

Description

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶debiandebian/sysstat< sysstat 12.5.2-2+deb11u1 (bullseye)

▶Debiansysstat_project/sysstat< 12.5.2-2+deb11u1+2

▶Ubuntusysstat_project/sysstat< 12.2.0-2ubuntu0.3+4

▶NVDsysstat_project/sysstat12.7.2

▶msrcmsrc/cbl2_sysstat_12.7.1-2_on_cbl_mariner_2.0

Also affects: Debian Linux 10.0, Fedora 37, 38

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

sysstat vulnerabilities↗2023-06-07

▶

GHSA

GHSA-57g7-qvg2-m23f: sysstat through 12↗2023-05-18

▶

OSV

CVE-2023-33204: sysstat through 12↗2023-05-18

▶

📋Vendor Advisories

Ubuntu

Sysstat vulnerabilities↗2023-06-07

▶

Red Hat

sysstat: check_overflow() function can work incorrectly that lead to an overflow↗2023-05-18

▶

Microsoft

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.↗2023-05-09

▶

Debian

CVE-2023-33204: sysstat - sysstat through 12.7.2 allows a multiplication integer overflow in check_overflo...↗2023

▶