CVE-2024-22453
Severity CVSS v4.0:
Pending analysis
Type:
CWE-122
Heap-based Buffer Overflow
Publication date:
19/03/2024
Last modified:
04/02/2025
Description
Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:dell:poweredge_r730_firmware:*:*:*:*:*:*:*:* | 2.19.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r730:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r730xd_firmware:*:*:*:*:*:*:*:* | 2.19.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r730xd:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r630_firmware:*:*:*:*:*:*:*:* | 2.19.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r630:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_c4130_firmware:*:*:*:*:*:*:*:* | 2.19.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_c4130:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_r930_firmware:*:*:*:*:*:*:*:* | 2.14.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_r930:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_m630_firmware:*:*:*:*:*:*:*:* | 2.19.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_m630:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_m630_\(pe_vrtx\)_firmware:*:*:*:*:*:*:*:* | 2.19.0 (excluding) | |
| cpe:2.3:h:dell:poweredge_m630_\(pe_vrtx\):-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:dell:poweredge_fc630_firmware:*:*:*:*:*:*:*:* | 2.19.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability