CVE-2024-10442Off-by-one Error in Synology Replication Service

CWE-193Off-by-one Error3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
0.9%
top 24.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Synology Replication ServiceSynology Unified ControllerSyncology Replication Service
Timeline
PublishedMar 19

Description

Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages5 packages

CVEListV5synology/unified_controller3.13.1.4-23079
NVDsynology/unified_controller< 3.1.4-23079
CVEListV5synology/replication_service*1.2.2-0353+2
NVDsynology/replication_service< 1.2.2-0353+1

🔴Vulnerability Details

2
GHSA
GHSA-8745-q6hh-2437: Off-by-one error vulnerability in the transmission component in Synology Replication Service before 12025-03-19
CVEList
CVE-2024-10442: Off-by-one error vulnerability in the transmission component in Synology Replication Service before 12025-03-19
CVE-2024-10442 — Off-by-one Error in Synology | cvebase