---

CVE-2020-5208 - log back

CVE-2020-5208 edited at 20 Feb 2021 00:01:31
Severity	- Medium + High
References	https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 + https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10 + https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 + https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4 + https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10 + https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637

CVE-2020-5208 edited at 19 Feb 2021 23:56:55
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
References	+ https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp + https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
Notes

CVE-2020-5208 created at 19 Feb 2021 23:55:38