Multiple functions in ipmitool before 1.8.19 do not properly validate data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side, that is, on the host running ipmitool rather than on the remote party. This is especially dangerous if ipmitool is run as a privileged user. The problem is fixed in version 1.8.19.
[
{
"id": "CVE-2020-5208-361d9920",
"target": {
"function": "read_fru_area_section",
"file": "lib/ipmi_fru.c"
},
"signature_version": "v1",
"digest": {
"length": 1701.0,
"function_hash": "192886428758089050892367244975157064793"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2"
},
{
"id": "CVE-2020-5208-95bc5e1f",
"target": {
"function": "read_fru_area",
"file": "lib/ipmi_fru.c"
},
"signature_version": "v1",
"digest": {
"length": 2145.0,
"function_hash": "134019777437021869972891340940394982863"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2"
},
{
"id": "CVE-2020-5208-facc6859",
"target": {
"file": "lib/ipmi_fru.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"57076867987319810854233613857946262088",
"236455093077017610747203830435885499403",
"50302983535718889553902051495726656844",
"127240053834604641190049528171308280594",
"171490552444983707541313881547760775382",
"159468252494031490108302431114206618012",
"90869396626081300417576987662951969291",
"158296759207413761725236324976059046106",
"333449966720909451653097200969841430185",
"243363549478903765859419170374154158847",
"168649472567545880875518271251405817713",
"44295945655746834570285452179811915295",
"99042831342086855809199899281077268132",
"69275239738053955360996024045230482674",
"182594728877648145376787303490332092721",
"13648507444097223767168718815638888394",
"315387753671988408139076220211215164454",
"82436235867193713512548748195290102799",
"204427108457237212630070253610306739008",
"25471238540442471233640752005268856307",
"83292191667530993419136007046260669268",
"265184154697531959962865615124016063860",
"265745931496434714655901594370802605299",
"74275860038477994846903371863830996366",
"287124388342538269033154908689897118951",
"127240053834604641190049528171308280594",
"171490552444983707541313881547760775382",
"159468252494031490108302431114206618012",
"90869396626081300417576987662951969291",
"158296759207413761725236324976059046106",
"333449966720909451653097200969841430185",
"243363549478903765859419170374154158847",
"168649472567545880875518271251405817713",
"44295945655746834570285452179811915295",
"126802022020050959000339982198636948947",
"227796436680837261900849338051402674176",
"193245646791272897850468398052174396305",
"92560596906955904854177872398064960912",
"13648507444097223767168718815638888394",
"167307511504313380807613353316085981725",
"168357358145000016114140709761680186784",
"336451364272383594355124115874525625255",
"33785226047952495029146364540215980849",
"192128900186167947288651281698769174820"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2"
}
]