CVE-2023-32971: Classic Buffer Overflow in Systems INC QTS

Severity
7.2 HIGH (NVD)
3.8 (CNA)
EPSS
0.1%
top 76.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 6

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2424 build 202306

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (6 packages)

CVEListV5 | qnap_systems_inc/quts_hero | h5.0.x | h5.0.1.2515 build 20230907 | +2
NVD | qnap/quts_hero | h4.5.0 | h4.5.4.2476 | +2
CVEListV5 | qnap_systems_inc/qutscloud | c5.0.x | c5.1.0.2498
NVD | qnap/qutscloud | c5.0.1 | c5.1.0.2498
CVEListV5 | qnap_systems_inc/qts | 5.0.x | 5.0.1.2425 build 20230609 | +2

Vulnerability Details (2)

GHSA
GHSA-fpv5-wvr7-9fx3: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions | 2023-10-06
CVEList
QTS, QuTS hero, QuTScloud | 2023-10-06
CVE-2023-32971 — Classic Buffer Overflow | cvebase