CVE-2024-42934

MEDIUM

OpenIPMI < 2.0.36 - Denial of Service via Out-of-Bounds Array Access in ipmi_sim

Title source: llm
STIX 2.1

Description

OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.

Scores

CVSS v3 5.0
EPSS 0.0040
EPSS Percentile 31.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Published Oct 09, 2024
Tracked Since Feb 18, 2026