Skip to main content

Slurm CVE-2020-27745

CRITICAL
Classic Buffer Overflow (CWE-120)
2020-11-27 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 27, 2020 - 17:15 nvd
CRITICAL 9.8

DescriptionNVD

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

AnalysisAI

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. Affected products include: Schedmd Slurm, Debian Debian Linux. Version information: before 19.05.8.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

More in Slurm

View all
CVE-2023-49937 CRITICAL
9.8 Dec 14

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated critical severity (CVSS 9.8), this vulnera

CVE-2023-49934 CRITICAL
9.8 Dec 14

An issue was discovered in SchedMD Slurm 23.11.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2022-29502 CRITICAL
9.8 May 05

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. Rated critica

CVE-2019-12838 CRITICAL
9.8 Jul 11

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Rated critical severity (CVSS 9.8), th

CVE-2019-6438 CRITICAL
9.8 Jan 31

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. Rated critical severity (CVSS 9.8), thi

CVE-2018-7033 CRITICAL
9.8 Mar 15

SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. Rated critical s

CVE-2023-49935 HIGH
8.8 Dec 14

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2022-29501 HIGH
8.8 May 05

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execu

CVE-2022-29500 HIGH
8.8 May 05

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. Rated high seve

CVE-2021-31215 HIGH
8.8 May 13

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser becaus

CVE-2016-10030 HIGH
8.1 Jan 05

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 h

CVE-2023-49938 HIGH
8.2 Dec 14

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. Rated high severity (CVSS 8.2), this vulnerability is remo

Share

CVE-2020-27745 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy