PT-2022-15633 · Synology · Synology Diskstation Manager

Published

2022-03-25

Updated

2025-01-14

CVE-2022-22687

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 6.2.3-25426-3

Description A buffer copy without checking the size of the input, also known as a 'Classic Buffer Overflow', exists in the Authentication functionality. This issue allows remote attackers to execute arbitrary code via unspecified vectors.

Recommendations For versions prior to 6.2.3-25426-3, update to version 6.2.3-25426-3 or later to resolve the issue.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2022-22687

Affected Products

Synology Diskstation Manager

PT-2022-15633 · Synology · Synology Diskstation Manager

CVE-2022-22687

Weakness Enumeration

Related Identifiers

Affected Products

References · 4