PT-2024-14784 · Synology · Synology Drive Client

Zhao Runzi

Published

2024-09-25

Updated

2024-10-08

CVE-2023-52946

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions Synology Drive Client versions prior to 3.5.0-16084

Description A buffer copy without checking the size of the input, also known as a 'Classic Buffer Overflow', exists in the vss service component. This allows remote attackers to overwrite buffers and crash the client via unspecified vectors.

Recommendations For versions prior to 3.5.0-16084, update to version 3.5.0-16084 or later to resolve the issue. As a temporary workaround, consider restricting access to the vss service component until a patch is applied.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2023-52946

Affected Products

Synology Drive Client

PT-2024-14784 · Synology · Synology Drive Client

CVE-2023-52946

Weakness Enumeration

Related Identifiers

Affected Products

References · 8