Christopher Ertl

**Name of the Vulnerable Software and Affected Versions** ipmitool versions prior to 1.8.19 **Description** The issue arises from multiple functions in ipmitool neglecting proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. The vulnerable functions include `read fru area()`, `read fru area section()`, `ipmi spd print fru()`, `ipmi get session info()`, `ipmi get channel cipher suites()`, and `get lan param select()`. Exploitation of this issue may allow a remote attacker to cause a denial of service or execute arbitrary code. **Recommendations** For versions prior to 1.8.19, update to version 1.8.19 to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable functions until a patch is available. Avoid running ipmitool as a privileged user to minimize the risk of exploitation.