Corey Minyard

**Name of the Vulnerable Software and Affected Versions** OpenIPMI versions prior to 2.0.36 **Description** The issue is related to an out-of-bounds array access in the ipmi sim simulator for authentication type, which can result in denial of service or, with very low probability, authentication bypass or code execution. There is also a missing check on the authorization type on incoming LAN messages. **Recommendations** For OpenIPMI versions prior to 2.0.36, update to version 2.0.36 or later to resolve the issue. As a temporary workaround, consider restricting access to the ipmi sim simulator until a patch is available. Avoid using the vulnerable authentication type in the ipmi sim simulator until the issue is resolved.