PT-2023-22968 · Asustor · Asustor Data Master

Publicado

2023-04-17

Atualizado

2023-05-04

CVE-2023-30770

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASUSTOR Data Master (ADM) versions 4.0.6.REG2, 4.1.0 and below ASUSTOR Data Master (ADM) versions 4.2.0.RE71 and below

Description A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code.

Recommendations For versions 4.0.6.REG2 and 4.1.0 and below, update to a version above 4.1.0. For versions 4.2.0.RE71 and below, update to a version above 4.2.0.RE71. As a temporary workaround, consider implementing data size validation to prevent buffer overflow exploitation until a patch is available.

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

CVE-2023-30770

Produtos afetados

Asustor Data Master

PT-2023-22968 · Asustor · Asustor Data Master

CVE-2023-30770

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7