CVE-2023-32973

CVSS v2.0

8.3

High

Vector

AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero h versions prior to h5.0.1.2515 build 20230907 QuTS hero h versions prior to h5.1.0.2424 build 20230609 QuTS hero h versions prior to h4.5.4.2476 build 20230728 QuTScloud c versions prior to c5.1.0.2498

Description A buffer copy without checking the size of input issue has been reported, which could allow authenticated administrators to execute code via a network. The vulnerability is related to a buffer overflow in memory, where an attacker could exploit it to execute arbitrary code remotely.

Recommendations For QTS versions prior to 5.0.1.2425 build 20230609, update to QTS 5.0.1.2425 build 20230609 or later. For QTS versions prior to 5.1.0.2444 build 20230629, update to QTS 5.1.0.2444 build 20230629 or later. For QTS versions prior to 4.5.4.2467 build 20230718, update to QTS 4.5.4.2467 build 20230718 or later. For QuTS hero h versions prior to h5.0.1.2515 build 20230907, update to QuTS hero h5.0.1.2515 build 20230907 or later. For QuTS hero h versions prior to h5.1.0.2424 build 20230609, update to QuTS hero h5.1.0.2424 build 20230609 or later. For QuTS hero h versions prior to h4.5.4.2476 build 20230728, update to QuTS hero h4.5.4.2476 build 20230728 or later. For QuTScloud c versions prior to c5.1.0.2498, update to QuTScloud c5.1.0.2498 or later.

Fix

Stack Overflow

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787CWE-120

Related Identifiers

BDU:2024-02157

CVE-2023-32973

Affected Products

Qts

Quts Hero

Qutscloud

CVE-2023-32973

Weakness Enumeration

Related Identifiers

Affected Products

References · 4