{
  "threat_severity" : "Moderate",
  "public_date" : "2026-06-03T03:07:25Z",
  "bugzilla" : {
    "description" : "freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client",
    "id" : "2484296",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2484296"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-120",
  "details" : [ "ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands \"ipmi-oem dell get-active-directory-config\" and \"ipmi-oem fujitsu get-sel-entry-long-text\" were found to have exploitable buffer overflows on response messages.", "A flaw was found in FreeIPMI. Specifically, the `ipmi-oem` client command, which implements Intelligent Platform Management Interface (IPMI) OEM commands, contains exploitable buffer overflows. A remote attacker could exploit these vulnerabilities by sending specially crafted response messages to the `ipmi-oem` client, leading to a denial of service (DoS) condition and making the system unavailable." ],
  "statement" : "This issue was classified as Moderate. It is an application-level denial of service flaw in FreeIPMI's `ipmi-oem` client. A remote attacker can exploit buffer overflows by sending specially crafted response messages to the `ipmi-oem` client, leading to system unavailability. This vulnerability requires the `ipmi-oem` command to be actively used with specific OEM subcommands to communicate with a malicious or compromised Intelligent Platform Management Interface (IPMI) server.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "freeipmi",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "freeipmi",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "freeipmi",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "freeipmi",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "freeipmi",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-50031\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-50031\nhttps://lists.gnu.org/archive/html/info-gnu/2026-06/msg00000.html\nhttps://savannah.gnu.org/bugs/index.php?68363\nhttps://savannah.gnu.org/bugs/index.php?68364" ],
  "name" : "CVE-2026-50031",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}