CVE-2022-3576

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.5HIGH

EPSS

0.4%

top 41.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager (dsm)Synology Diskstation Manager

Timeline

PublishedOct 20

Latest updateNov 23

Description

A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsynology/diskstation_manager< 7.1.1-42962-2

▶CVEListV5synology/diskstation_manager_(dsm)unspecified — 7.1.1-42962-2

🔴Vulnerability Details

OSV

tiff vulnerabilities↗2023-11-23

▶

GHSA

GHSA-gcj7-f7w5-vqx5: A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management↗2022-10-20

▶

CVEList

CVE-2022-3576: A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management↗2022-10-20

▶