Search criteria
1 vulnerability by openbmc
CVE-2024-41660 (GCVE-0-2024-41660)
Vulnerability from cvelistv5 – Published: 2024-07-31 19:37 – Updated: 2024-07-31 20:16
VLAI
Title
slpd-lite unauthenticated memory corruption
Summary
slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository.
Severity
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/openbmc/slpd-lite/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openbmc-project:slpd-lite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "slpd-lite",
"vendor": "openbmc-project",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T20:14:02.925345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T20:16:53.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "slpd-lite",
"vendor": "openbmc",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:37:46.455Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/openbmc/slpd-lite/security/advisories/GHSA-wmgv-jffg-v3xr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openbmc/slpd-lite/security/advisories/GHSA-wmgv-jffg-v3xr"
}
],
"source": {
"advisory": "GHSA-wmgv-jffg-v3xr",
"discovery": "UNKNOWN"
},
"title": "slpd-lite unauthenticated memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41660",
"datePublished": "2024-07-31T19:37:46.455Z",
"dateReserved": "2024-07-18T15:21:47.482Z",
"dateUpdated": "2024-07-31T20:16:53.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}