Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated out of bounds heap write in bmcweb
Vulnerability Description
A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how multipart_parser handles unclosed http headers. If long enough http header is passed in the multipart form without colon there is one byte overwrite on heap. It can be conducted multiple times in a loop to cause DoS.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
值处理不恰当
Vulnerability Title
OpenBMC 缓冲区错误漏洞
Vulnerability Description
OpenBMC是一个 Linux 发行版,用于管理服务器、架顶式交换机或 RAID 设备等设备中使用的控制器。它使用 Yocto、 OpenEmbedded、 systemd和 D-Bus来轻松定制您的平台。 OpenBMC Project bmcweb存在安全漏洞,该漏洞源于其在某些情况下会在循环中执行多次重复操作导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A