CVE-2020-5208

EPSS 0.57%
Published 05.02.2020 14:15:11
Last modified 21.11.2024 05:33:40
Source security-advisories@github.com
Teams watchlist Login
Open Login

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

Affected products Warnungen 0 Metrics 4 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Ipmitool Project ≫ Ipmitool Version1.8.18

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Fedoraproject ≫ Fedora Version30

Fedoraproject ≫ Fedora Version31

Opensuse ≫ Leap Version15.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.676

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
security-advisories@github.com	7.7	1.3	5.8	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00031.html

Third Party Advisory

Mailing List

https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2

Patch

Third Party Advisory

https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/02/msg00006.html

Third Party Advisory

Mailing List