CVE-2023-32975Classic Buffer Overflow in Systems INC QTS

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.2HIGHNVD
CNA4.9
EPSS
0.1%
top 79.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Qnap Systems INC QTSQnap Systems INC Quts HeroQnap QTS+1 more
Timeline
PublishedDec 8

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

CVEListV5qnap_systems_inc/quts_heroh5.0.xh5.0.1.2515 build 20230907+1
NVDqnap/quts_hero12 versions+11
CVEListV5qnap_systems_inc/qts5.0.x5.0.1.2514 build 20230906+1
NVDqnap/qts19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-cjp2-5mj8-82hm: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions2023-12-08
CVEList
QTS, QuTS hero2023-12-08
CVE-2023-32975 — Classic Buffer Overflow | cvebase