CVE-2024-10442
published 2025-03-19

CVE-2024-10442: Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified…

Priority: P2 (59)
Severity: critical, 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.34% (67.7th percentile)
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| synology | replication_service | < 1.3.0-0423 | 1.3.0-0423 |
| synology | replication_service | < 1.2.2-0353 | 1.2.2-0353 |
| synology | replication_service | <= 1.0.12-0066 | |
| synology | replication_service | >= * < 1.2.2-0353 | 1.2.2-0353 |
| synology | replication_service | >= * < 1.0.12-0066 | 1.0.12-0066 |
| synology | replication_service | >= * < 1.3.0-0423 | 1.3.0-0423 |
| synology | unified_controller | < 3.1.4-23079 | 3.1.4-23079 |
| synology | unified_controller | >= 3.1 < 3.1.4-23079 | 3.1.4-23079 |