CVE-2024-41660

slpd-lite unauthenticated memory corruption

Description

slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository.

INFO

Published Date :

2024-07-31T19:37:46.455Z

Last Modified :

2024-07-31T20:16:53.157Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-41660 vulnerability.

Vendors	Products
Openbmc-project	Slpd-lite

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-41660.

URL	Resource
https://github.com/openbmc/slpd-lite/security/advisories/GHSA-wmgv-jffg-v3xr

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact