Skip to main content

Slurm CVE-2023-49936

HIGH
NULL Pointer Dereference (CWE-476)
2023-12-14 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 14, 2023 - 05:15 nvd
HIGH 7.5

DescriptionNVD

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

AnalysisAI

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. A NULL pointer dereference leads to denial of service. The fixed versions are 22.05.11, 23.02.7, and 23.11.1. Affected products include: Schedmd Slurm.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

More in Slurm

View all
CVE-2023-49937 CRITICAL
9.8 Dec 14

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated critical severity (CVSS 9.8), this vulnera

CVE-2023-49934 CRITICAL
9.8 Dec 14

An issue was discovered in SchedMD Slurm 23.11.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2022-29502 CRITICAL
9.8 May 05

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. Rated critica

CVE-2020-27745 CRITICAL
9.8 Nov 27

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. Rated critical severity

CVE-2019-12838 CRITICAL
9.8 Jul 11

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. Rated critical severity (CVSS 9.8), th

CVE-2019-6438 CRITICAL
9.8 Jan 31

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. Rated critical severity (CVSS 9.8), thi

CVE-2018-7033 CRITICAL
9.8 Mar 15

SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. Rated critical s

CVE-2023-49935 HIGH
8.8 Dec 14

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2022-29501 HIGH
8.8 May 05

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execu

CVE-2022-29500 HIGH
8.8 May 05

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. Rated high seve

CVE-2021-31215 HIGH
8.8 May 13

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser becaus

CVE-2016-10030 HIGH
8.1 Jan 05

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 h

Share

CVE-2023-49936 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy