Description
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
An integer overflow vulnerability was found in sysstat in the way the sadf command processes the contents of data files created by the sar command. A local attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, causes the application to crash.
Report
This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they did not include the vulnerable function, which was introduced in a newer version of the package.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | sysstat | Not affected | | |
| Red Hat Enterprise Linux 6 | sysstat | Not affected | | |
| Red Hat Enterprise Linux 7 | sysstat | Not affected | | |
| Red Hat Enterprise Linux 8 | sysstat | Fixed | RHSA-2020:4638 | 04.11.2020 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | sysstat | Fixed | RHSA-2022:0633 | 22.02.2022 |
Additional information
CVSS3: 5.5 Medium