Slurm
CVE-2023-49936
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.
AnalysisAI
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. Affected products include: Schedmd Slurm.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated critical severity (CVSS 9.8), this vulnera
An issue was discovered in SchedMD Slurm 23.11.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. Rated critica
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. Rated critical severity
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Rated critical severity (CVSS 9.8), th
SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. Rated critical severity (CVSS 9.8), thi
SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. Rated critical s
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. Rated high severity (CVSS 8.8), this vulnerability is remo
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execu
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. Rated high seve
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser becaus
The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 h
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today