CVE-2023-49937 - OpenCVE

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schedmd	Slurm

Configuration 1 [-]

OR	cpe:2.3:a:schedmd:slurm::::::::
	cpe:2.3:a:schedmd:slurm::::::::
	cpe:2.3:a:schedmd:slurm:23.11:-::::::
	cpe:2.3:a:schedmd:slurm:23.11:rc1::::::

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
https://lists.fedoraproject.org/archives/list/[email protected]/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
https://www.schedmd.com/security-archive.php

History

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/[email protected]/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/ https://lists.fedoraproject.org/archives/list/[email protected]/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-14T00:00:00.000Z

Updated: 2025-11-04T18:20:14.076Z

Reserved: 2023-12-03T00:00:00.000Z

Link: CVE-2023-49937

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-14T05:15:11.493

Modified: 2025-11-04T19:16:12.110

Link: CVE-2023-49937

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-49937", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-04T18:20:14.076Z", "dateReserved": "2023-12-03T00:00:00.000Z", "datePublished": "2023-12-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-03T03:06:31.925Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.schedmd.com/security-archive.php"}, {"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"name": "FEDORA-2023-9a74d212f8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"name": "FEDORA-2023-540de58d84", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.schedmd.com/security-archive.php", "tags": ["x_transferred"]}, {"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-9a74d212f8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"name": "FEDORA-2023-540de58d84", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:20:14.076Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F78B348-8518-461F-A411-6E04D00E0DB8", "versionEndExcluding": "22.05.12", "versionStartIncluding": "22.05", "vulnerable": true}, {"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FD67C27-289A-4071-9380-74059C3A24E2", "versionEndExcluding": "23.02.7", "versionStartIncluding": "23.02", "vulnerable": true}, {"criteria": "cpe:2.3:a:schedmd:slurm:23.11:-:*:*:*:*:*:*", "matchCriteriaId": "F7271FE9-7535-4337-8B65-61C533932E4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:schedmd:slurm:23.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A2835FE-2E57-47FF-BD76-9817978108C5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en SchedMD Slurm 22.05.x, 23.02.x y 23.11.x. Debido a una doble liberaci\u00f3n, los atacantes pueden provocar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario. Las versiones fijas son 22.05.11, 23.02.7 y 23.11.1."}], "id": "CVE-2023-49937", "lastModified": "2025-11-04T19:16:12.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-12-14T05:15:11.493", "references": [{"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.schedmd.com/security-archive.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.schedmd.com/security-archive.php"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "[email protected]", "type": "Primary"}]}