CVE-2026-50031
Buffer Overflow in FreeIPMI ipmi-oem
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | freeipmi | to 1.16.18 (exc) |
| gnu | freeipmi | 1.6.18 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-50031 is a stack buffer overflow vulnerability in the ipmi-oem client commands of GNU FreeIPMI before version 1.6.18. It affects two specific subcommands: "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text."
The vulnerability occurs because these commands allocate fixed-size buffers on the stack but use attacker-controlled data lengths when copying response messages. This allows a malicious or compromised Baseboard Management Controller (BMC) to overflow these buffers by sending oversized response data.
Such buffer overflows can cause process crashes or potentially allow an attacker to hijack control flow and execute arbitrary code, depending on compiler options, stack layout, and runtime protections.
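The unchecked-length pattern described above, next to a bounds-checked version, as an added illustration. This is not FreeIPMI's code: the response layout, the buffer size, the function names and the sample responses are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TEXT_MAX 32  /* hypothetical size of the fixed stack buffer */

/* Assumed layout: rs[0] completion code, rs[1] text length, rs[2..] text. */

/* BEFORE: copy length is taken from the response and never checked. */
int copy_text_unsafe(const uint8_t *rs, size_t rs_len, char *out, size_t out_len)
{
    char text[TEXT_MAX + 1];
    uint8_t n = rs[1];
    (void)rs_len;                 /* received length is ignored */
    memcpy(text, rs + 2, n);      /* writes past text[] when n > TEXT_MAX */
    text[n] = '\0';
    snprintf(out, out_len, "%s", text);
    return (int)n;
}

/* AFTER: validate the claimed length against both bounds before copying. */
int copy_text_checked(const uint8_t *rs, size_t rs_len, char *out, size_t out_len)
{
    char text[TEXT_MAX + 1];
    size_t n;
    if (!rs || !out || out_len == 0 || rs_len < 2)
        return -1;                /* too short to carry the header */
    n = rs[1];
    if (n > rs_len - 2)           /* claims more bytes than were received */
        return -1;
    if (n > TEXT_MAX)             /* would not fit the stack buffer */
        return -1;
    memcpy(text, rs + 2, n);
    text[n] = '\0';
    snprintf(out, out_len, "%s", text);
    return (int)n;
}

/* Constructed sample responses, not captured from a real BMC. */
static const uint8_t RS_OK[]  = { 0x00, 5, 'a', 'd', 'm', 'i', 'n' };
static const uint8_t RS_LIE[] = { 0x00, 10, 'a' };      /* claims 10, carries 1 */
static const uint8_t RS_BIG[2 + 200] = { 0x00, 200 };   /* 200 > TEXT_MAX */
static char demo_out[64];

int main(void)
{
    printf("ok=%d\n", copy_text_checked(RS_OK, sizeof RS_OK, demo_out, sizeof demo_out));
    printf("big=%d\n", copy_text_checked(RS_BIG, sizeof RS_BIG, demo_out, sizeof demo_out));
    return 0;
}
```

The checked version rejects an over-long or inconsistent response instead of truncating it, so a caller sees an error rather than partial data.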
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?
This vulnerability can impact you by causing the ipmi-oem process to crash, leading to denial of service in system management operations.
More seriously, it could allow an attacker who can send malicious responses from a compromised or malicious BMC to execute arbitrary code on the system running FreeIPMI, potentially gaining control over system management functions.
Since FreeIPMI is commonly used for sensor monitoring and remote power control, exploitation could disrupt critical hardware management tasks or allow unauthorized control over hardware.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the ipmi-oem commands in FreeIPMI, specifically the subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text." Detection can involve monitoring or testing these specific commands for abnormal behavior or crashes caused by buffer overflows.
You can use the following commands to check if your system is vulnerable by running the affected ipmi-oem subcommands and observing for crashes or unexpected behavior:
- ipmi-oem dell get-active-directory-config
- ipmi-oem fujitsu get-sel-entry-long-text
If these commands cause crashes or abnormal responses, it may indicate the presence of the vulnerability or an exploit attempt.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update FreeIPMI to version 1.6.18 or later, where the buffer overflow vulnerabilities in the ipmi-oem commands have been fixed.
Until the update can be applied, avoid using the vulnerable ipmi-oem subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" to prevent triggering the buffer overflow.
Additionally, monitor your systems for unusual crashes or behavior related to the ipmi-oem commands, and restrict access to IPMI interfaces to trusted users and networks to reduce the risk of exploitation.