Sysstat: On 32-bit systems, in versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic multiplication, allowing for an overflow in the size allocated for the buffer representing system activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version 12.7.1.

https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x
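The bug class described above, as an added example that is not sysstat's code or its patch: an allocation size computed as a product wraps on a 32-bit size_t, and a division-based check rejects it before the multiplication. The type `size32_t`, both function names and all parameter names are hypothetical, and the input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for size_t on a 32-bit build, so the wraparound shows on any host. */
typedef uint32_t size32_t;

/* Unchecked: the product is reduced modulo 2^32 before it reaches the allocator. */
static size32_t unchecked_size(size32_t item_size, size32_t count, size32_t sub_count)
{
    return item_size * count * sub_count;
}

/* Checked: stores the size and returns 0, or returns -1 if it does not fit. */
static int checked_size(size32_t item_size, size32_t count, size32_t sub_count,
                        size32_t *out)
{
    size32_t partial;

    if (count != 0 && item_size > UINT32_MAX / count)
        return -1;
    partial = item_size * count;
    if (sub_count != 0 && partial > UINT32_MAX / sub_count)
        return -1;
    *out = partial * sub_count;
    return 0;
}

int main(void)
{
    /* Constructed values chosen so the true product is 2^32 + 16. */
    size32_t item_size = 8, count = 0x10000001u, sub_count = 2, size = 0;

    printf("unchecked size: %u bytes\n",
           (unsigned)unchecked_size(item_size, count, sub_count));
    if (checked_size(item_size, count, sub_count, &size) != 0)
        printf("checked: rejected, product exceeds 32 bits\n");
    return 0;
}
```

With the unchecked form, a buffer sized from the wrapped result is far smaller than the number of items later written into it, which is why the size must be validated before allocation.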

Created sysstat tracking bugs for this issue:
Affects: fedora-35 [bug 2141208]
Affects: fedora-36 [bug 2141209]

Upstream Commits:
https://github.com/sysstat/sysstat/commit/076313903801533470fad5199443bc387cd66f10
https://github.com/sysstat/sysstat/commit/a953ee3307d51255cc96e1f211882e97f795eed9