CVE-2023-30630

Name
CVE-2023-30630
Description
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html
MISC https://github.com/adamreiser/dmiwrite
MISC https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2
MISC https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nongnu:dmidecode:*:*:*:*:*:*:*:* dmidecode >= None < 3.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
dmidecode 3.17-main 3.4-r0 Nathan Angelacos <nangel@alpinelinux.org> possibly vulnerable
dmidecode 3.16-main 3.3-r1 Nathan Angelacos <nangel@alpinelinux.org> possibly vulnerable
dmidecode 3.15-main 3.3-r1 Nathan Angelacos <nangel@alpinelinux.org> possibly vulnerable
dmidecode 3.14-main 3.3-r0 Nathan Angelacos <nangel@alpinelinux.org> possibly vulnerable