Sysstat
CVE-2019-16167
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.
AnalysisAI
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Affected products include: Sysstat Project Sysstat, Fedoraproject Fedora, Opensuse Leap, Canonical Ubuntu Linux, Debian Debian Linux. Version information: before 12.1.6.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. Rated critical severity (CVSS 9.8), this v
sysstat is a set of system performance tools for the Linux operating system. Rated high severity (CVSS 7.8), this vulner
An issue was discovered in sysstat 12.1.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication requi
An issue was discovered in sysstat 12.1.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication req
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. Rated high severity (CVSS
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today