CVE-2024-42934

CVSS v3.1

5.0

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions OpenIPMI versions prior to 2.0.36

Description The issue is related to an out-of-bounds array access in the ipmi sim simulator for authentication type, which can result in denial of service or, with very low probability, authentication bypass or code execution. There is also a missing check on the authorization type on incoming LAN messages.

Recommendations For OpenIPMI versions prior to 2.0.36, update to version 2.0.36 or later to resolve the issue. As a temporary workaround, consider restricting access to the ipmi sim simulator until a patch is available. Avoid using the vulnerable authentication type in the ipmi sim simulator until the issue is resolved.

Fix

DoS

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

ALSA-2024:8037

AZL-50318

AZL-50319

BDU:2026-02733

CVE-2024-42934

INFSA-2024_8037

OESA-2024-2283

OESA-2024-2284

OESA-2024-2285

OESA-2024-2289

OESA-2024-2290

OPENSUSE-SU-2024:14373-1

OPENSUSE-SU-2024_3505-1

OPENSUSE-SU-2024_3604-1

RHSA-2024:8037

RHSA-2024:8081

RHSA-2024_8037

RLSA-2024:8037

SUSE-SU-2024:3505-1

SUSE-SU-2024:3604-1

SUSE-SU-2024:3717-1

SUSE-SU-2024_3505-1

SUSE-SU-2024_3604-1

SUSE-SU-2024_3717-1

Affected Products

Almalinux

Debian

Openipmi

Red Hat

Rocky Linux

Suse

CVE-2024-42934

Weakness Enumeration

Related Identifiers

Affected Products

References · 52