CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence: High
EPSS
Percentile: 22.7%
libslurm.so is vulnerable to Improper Input Validation. The vulnerability exists due to the lack of length checks for the message size in slurm_protocol_api.c, which allows an attacker to modify RPC traffic in a way that bypasses message hash checks, leading to message extension attacks.
github.com/advisories/GHSA-hgjx-j8hg-pxrf
github.com/SchedMD/slurm/commit/9d7c53042c05c6049604257702c900f1748294e1
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
www.schedmd.com/security-archive.php