CVE-2022-22687: Classic Buffer Overflow in Synology DiskStation Manager

Severity: 9.8 CRITICAL (NVD)
EPSS: 5.3% (top 9.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 25
Latest update: Mar 26

Description

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | synology/diskstation_manager | unspecified | 6.2.3-25426-3
NVD | synology/diskstation_manager | 6.2 | 6.2.3-25426-3

Vulnerability Details (2)

GHSA
GHSA-3h67-wjhc-r8m7: Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (2022-03-26
CVEList
CVE-2022-22687: Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (2022-03-25