CVE-2026-50031

high

Published 2026-06-03 · Modified 2026-06-03

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.5

Description

ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.

Predictions

Exploit likelihood

83%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2026-50031 NameCVE-2026-50031 Descriptionipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on ... SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source…

CVE-2026-50031

Name	CVE-2026-50031
Description	ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on ...
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
freeipmi (PTS)	bullseye	1.6.6-4+deb11u1	vulnerable
	bookworm	1.6.10-1	vulnerable
	trixie	1.6.15-1	vulnerable
	forky, sid	1.6.17-1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
freeipmi	source	(unstable)	(unfixed)

Notes

https://savannah.gnu.org/bugs/index.php?68363
https://savannah.gnu.org/bugs/index.php?68364
https://lists.gnu.org/archive/html/info-gnu/2026-06/msg00000.html

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

https://savannah.gnu.org/bugs/index.php?68363https://savannah.gnu.org/bugs/index.php?68364https://lists.gnu.org/archive/html/info-gnu/2026-06/msg00000.html

OS impact

Debian Affected 5 releases

Version	Status	Fixed in
trixie	Affected	—
sid	Affected	—
forky	Affected	—
bullseye	Affected	—
bookworm	Affected	—

References

CWEs

CWE-121

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.