CVE-2023-49937

Published: Dec 14, 2023Modified: Nov 4, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Because of a double free, attackers can cause a denial of service or possibly execute arbitrary code. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Affected (4)

Products: Schedmd: Slurm

Schedmd

1 product

Slurm

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Schedmd Slurm	From 22.05 to 22.05.12
Schedmd Slurm	From 23.02 to 23.02.7
Schedmd Slurm	Version 23.11
Schedmd Slurm	Version 23.11 rc1

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (10)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/

Source: cve@mitre.org

https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html

Source: cve@mitre.org

Mailing ListVendor Advisory

https://www.schedmd.com/security-archive.php

Source: cve@mitre.org

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/