PT-2023-8501 · Qnap · Qutscloud+2

Published

2023-08-28

Updated

2024-02-06

CVE-2023-41276

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.1.2.2533 build 20230926 QuTS hero versions prior to h5.1.2.2534 build 20230927 QuTScloud versions prior to c5.1.5.2651

Description The issue is related to a buffer copy without checking the size of input data, which could allow a remote attacker to execute arbitrary code. This can be achieved via a network by authenticated administrators.

Recommendations For QTS versions prior to 5.1.2.2533 build 20230926, update to QTS 5.1.2.2533 build 20230926 or later. For QuTS hero versions prior to h5.1.2.2534 build 20230927, update to QuTS hero h5.1.2.2534 build 20230927 or later. For QuTScloud versions prior to c5.1.5.2651, update to QuTScloud c5.1.5.2651 or later.

Fix

Heap Based Buffer Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-120

Related Identifiers

BDU:2024-01039

CVE-2023-41276

Affected Products

Qts

Quts Hero

Qutscloud

PT-2023-8501 · Qnap · Qutscloud+2

CVE-2023-41276

Weakness Enumeration

Related Identifiers

Affected Products

References · 8