CVE-2023-33204

HIGH7.8

sysstat through 12

Published May 18, 2023

Modified 4 months ago

Details

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.

References

WEB

https://github.com/sysstat/sysstat/pull/360

WEB

https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html

WEB

https://lists.debian.org/debian-lts-announce/2025/10/msg00017.html

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX/

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2023-33204

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMay 18, 2023

ModifiedNov 3, 2025