PT-2024-6708 · Synology · Synology Drive Client
Zhao Runzi · Published 2024-01-30 · Updated 2024-10-08 · CVE-2022-49038
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Synology Drive Client versions prior to 3.3.0-15082
Description:
The issue is an inclusion of functionality from an untrusted control sphere in the OpenSSL DLL component. It allows local users to execute arbitrary code via unspecified vectors. The vulnerability is associated with the manipulation of unknown input data.
Recommendations:
For versions prior to 3.3.0-15082, update to version 3.3.0-15082 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenSSL DLL component until a patch is applied. Avoid using the Synology Drive Client with untrusted input data to minimize the risk of exploitation.
Affected Products
Synology Drive Client