Skip to main content

FreeIPMI CVE-2026-50031

| EUVD-2026-34065 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-06-03 mitre GHSA-qh2m-553j-rjfc
Buffer Overflow Stack Overflow Dell Suse
7.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jun 03, 2026 - 05:00 EUVD
Analysis Generated
Jun 03, 2026 - 04:14 vuln.today

DescriptionNVD

ipmi-oem in FreeIPMI before 1.16.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.

AnalysisAI

Denial of service in FreeIPMI versions before 1.16.18 allows remote attackers to crash the ipmi-oem client by sending malformed IPMI response messages that trigger stack-based buffer overflows in the 'dell get-active-directory-config' and 'fujitsu get-sel-entry-long-text' subcommands. The flaw is client-side: a victim must invoke the affected subcommand against an attacker-controlled or compromised IPMI endpoint. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

24 hours: Inventory all systems running FreeIPMI and document version numbers (check with ipmi-oem --version). 7 days: Restrict network access to IPMI endpoints from FreeIPMI client systems using firewall rules; disable unnecessary IPMI services on endpoints not actively used. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-5422 HIGH
8.1 Jun 02

Path traversal in Jupyter Server 2.17.0 allows authenticated users to read and write files in sibling directories outsid
CVE-2026-8796 HIGH
8.1 May 31

Heap out-of-bounds read in Sereal::Decoder for Perl before version 5.005 allows remote attackers to leak up to 31 bytes

CVE-2026-43958 HIGH
7.8 Jun 01

Stack-based buffer overflow in rrdcached (the caching daemon for rrdtool) allows a local attacker with socket access to

CVE-2026-40715 HIGH
7.8 Jun 02

Local privilege escalation in Dell ThinOS 10 versions prior to ThinOS10 2602_10.0765 allows a low-privileged user with l
CVE-2026-42504 HIGH
7.5 Jun 02

Algorithmic complexity denial of service in the Go standard library's mime package allows remote unauthenticated attacke

Vendor StatusVendor

Debian

freeipmi
Release Status Fixed Version Urgency
bullseye vulnerable 1.6.6-4+deb11u1 -
bookworm vulnerable 1.6.10-1 -
trixie vulnerable 1.6.15-1 -
forky, sid vulnerable 1.6.17-1 -
(unstable) fixed (unfixed) -

Share

CVE-2026-50031 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy