CVE-2021-26567
EUVD-2021-1336526.02.2021, 22:15
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| synology | diskstation_manager | 𝑥 < 6.2.3-25426-3 |
| synology | vs960hd_firmware | - |
| synology | skynas_firmware | - |
| synology | diskstation_manager_unified_controller | 3.0 |
| faad2_project | faad2 | 𝑥 < 2.2.7.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.