CVE-2024-37044 — Classic Buffer Overflow in Systems INC QTS

CWE-120 — Classic Buffer Overflow CWE-121 — Stack-based Buffer Overflow3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

2.0%

top 16.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap QTS +1 more

Timeline

PublishedNov 22

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5qnap_systems_inc/quts_heroh5.2.x — h5.2.1.2929 build 20241025

▶NVDqnap/quts_hero7 versions+6

▶CVEListV5qnap_systems_inc/qts5.2.x — 5.2.1.2930 build 20241025

▶NVDqnap/qts7 versions+6

🔴Vulnerability Details

GHSA

GHSA-x56m-f472-mvxv: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions↗2024-11-22

▶

CVEList

QTS, QuTS hero↗2024-11-22

▶