Sysstat
CVE-2019-19725
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c.
AnalysisAI
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-415. sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. Affected products include: Sysstat Project Sysstat, Debian Debian Linux, Canonical Ubuntu Linux. Version information: through 12.2.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
sysstat is a set of system performance tools for the Linux operating system. Rated high severity (CVSS 7.8), this vulner
An issue was discovered in sysstat 12.1.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication requi
sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Rated medium se
An issue was discovered in sysstat 12.1.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication req
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. Rated high severity (CVSS
Same weakness CWE-415 – Double Free
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today