PT-2022-7425 · Sysstat+10

Published: 2022-11-08 · Updated: 2025-10-17 · CVE-2022-39377

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: sysstat versions 9.1.16 through 12.7.0

Description: The issue is in the allocate_structures function in sa_common.c, which insufficiently checks bounds before arithmetic multiplication, allowing an overflow in the size allocated for the buffer representing system activities. This may lead to Remote Code Execution (RCE). The allocate_structures function is vulnerable due to a size_t overflow.

Recommendations: For versions 9.1.16 through 12.7.0, update to version 12.7.1 to resolve the issue. As a temporary workaround, consider disabling the allocate_structures function until a patch is available.

Exploit

Fix

DoS

RCE

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2023:2234
ALSA-2023:2800
ALSA-2023_2234
ALSA-2023_2800
ALT-PU-2022-3125
ALT-PU-2022-3130
ALT-PU-2022-3265
ALT-PU-2022-3269
AZL-11450
BDU:2024-06029
CESA-2023_2800
CVE-2022-39377
DLA-3188-1
DLA-3434-1
DLA-4336-1
GHSA-Q8R6-G56F-9W7X
MGASA-2022-0433
OESA-2022-2107
OPENSUSE-SU-2024:12658-1
OPENSUSE-SU-2025_0019-1
RHSA-2023:2234
RHSA-2023:2800
RHSA-2023_2234
RHSA-2023_2800
ROSA-SA-2023-2198
ROSA-SA-2025-2663
SUSE-SU-2025:0012-1
SUSE-SU-2025:0019-1
SUSE-SU-2025_0012-1
SUSE-SU-2025_0019-1
USN-5735-1
USN-5748-1
USN-6145-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu
Sysstat