CVE-2023-33204

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
sysstat_projectsysstat
𝑥
≤ 12.7.2
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sysstat
bullseye
12.5.2-2
not-affected
bookworm
ignored
trixie
12.7.5-2
fixed
sid
12.7.5-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sysstat
lunar
Fixed 12.6.1-1ubuntu0.1
released
kinetic
Fixed 12.5.6-1ubuntu0.2
released
jammy
Fixed 12.5.2-2ubuntu0.2
released
focal
Fixed 12.2.0-2ubuntu0.3
released
bionic
Fixed 11.6.1-1ubuntu0.2+esm1
released
xenial
Fixed 11.2.0-1ubuntu0.3+esm2
released
trusty
Fixed 10.2.0-1ubuntu0.1~esm1
released
Common Weakness Enumeration
References
https://github.com/sysstat/sysstat/pull/360
https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV/
https://github.com/sysstat/sysstat/pull/360
https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV/