PT-2023-8501 · Qnap · Qutscloud+2

Publicado

2023-08-28

Atualizado

2024-02-06

CVE-2023-41276

CVSS v2.0

8.3

Alta

Vetor

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero versions prior to h5.1.2.2534 build 20230927 QuTScloud versions prior to c5.1.5.2651

Description The issue is related to a buffer copy without checking the size of input data, which could allow a remote attacker to execute arbitrary code. This can be achieved via a network by authenticated administrators.

Recommendations For QTS versions prior to 5.1.2.2533 build 20230926, update to QTS 5.1.2.2533 build 20230926 or later. For QuTS hero versions prior to h5.1.2.2534 build 20230927, update to QuTS hero h5.1.2.2534 build 20230927 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

Correção

Heap Based Buffer Overflow

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-122CWE-120

Identificadores relacionados

BDU:2024-01039

CVE-2023-41276

Produtos afetados

Qts

Quts Hero

Qutscloud

PT-2023-8501 · Qnap · Qutscloud+2

CVE-2023-41276

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8