Openbmc Openbmc Project Openbmc

By the Year

In 2024 there have been 0 vulnerabilities in Openbmc Project Openbmc. Last year Openbmc had 1 security vulnerability published. Right now, Openbmc is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    1                  7.50
2022    2                  7.50
2021    1                  10.00
2020    0                  0.00
2019    0                  0.00
2018    0                  0.00

It may take a day or so for new Openbmc vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Openbmc Project Openbmc Security Vulnerabilities

In OpenBMC 2.9, crafted IPMI messages

CVE-2021-39295 7.5 - High - April 15, 2023

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.

Resource Exhaustion

A vulnerability in bmcweb of OpenBMC Project allows a user to cause denial of service

CVE-2022-3409 7.5 - High - October 27, 2022

A vulnerability in bmcweb of OpenBMC Project allows a user to cause denial of service. This vulnerability was identified during mitigation for CVE-2022-2809. Fuzzing the multipart_parser code using AFL++ with address sanitizer enabled, to find the smallest memory corruptions possible, detected a problem in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS.

Memory Corruption

A vulnerability in bmcweb of OpenBMC Project allows a user to cause denial of service

CVE-2022-2809 7.5 - High - October 27, 2022

A vulnerability in bmcweb of OpenBMC Project allows a user to cause denial of service. Fuzzing the multipart_parser code using AFL++ with address sanitizer enabled, to find the smallest memory corruptions possible, detected a problem in how multipart_parser handles unclosed HTTP headers. If a long enough HTTP header is passed in the multipart form without a colon, there is a one-byte overwrite on the heap. It can be conducted multiple times in a loop to cause DoS.

Memory Corruption

In OpenBMC 2.9, crafted IPMI messages

CVE-2021-39296 10 - Critical - September 09, 2021

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.

Authentication
