CVE-2023-0208 — Heap-based Buffer Overflow in Nvidia Data Center GPU Manager

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.1HIGHNVD

CNA8.4

EPSS

0.1%

top 75.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Data Center GPU Manager Nvidia Dcgm

Timeline

PublishedApr 1

Description

NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDnvidia/data_center_gpu_manager< 3.1.7

▶CVEListV5nvidia/dcgmAll versions prior to 3.1.7

🔴Vulnerability Details

GHSA

GHSA-qh6p-7hfp-vmv9: NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound↗2023-04-01

▶

CVEList

CVE-2023-0208: NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound↗2023-04-01

▶