PT-2023-9128 · Qnap · Quts Hero+1

Bingwei Peng

Publicado

2023-10-03

Atualizado

2024-01-10

CVE-2023-45040

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.1.4.2596 build 20231128 QuTS hero versions prior to h5.1.4.2596 build 20231128

Description The issue is related to a buffer copy without checking the size of the input, which can lead to a buffer overflow in memory. This could allow a remote attacker to execute arbitrary code. The vulnerability can be exploited by authenticated administrators via a network.

Recommendations For QTS versions prior to 5.1.4.2596 build 20231128, update to version 5.1.4.2596 build 20231128 or later. For QuTS hero versions prior to h5.1.4.2596 build 20231128, update to version h5.1.4.2596 build 20231128 or later.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120

Identificadores relacionados

BDU:2024-03986

CVE-2023-45040

Produtos afetados

Qts

Quts Hero

PT-2023-9128 · Qnap · Quts Hero+1

CVE-2023-45040

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6