Description
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
A double-free vulnerability was found in sysstat in the way the sadf command processes the contents of data files created by the sar command. Saved binary data files with support for extra_desc structures may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, would cause the application to potentially execute arbitrary code.
Report
This flaw does not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as they do not include support for extra_desc structures in binary data files created by the sar command. Consequently, they do not include the vulnerable code leading to the double free vulnerability either.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | sysstat | Not affected | | |
Red Hat Enterprise Linux 6 | sysstat | Not affected | | |
Red Hat Enterprise Linux 7 | sysstat | Not affected | | |
Red Hat Enterprise Linux 8 | sysstat | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 9.8 Critical