CVE-2023-32975

08.12.2023, 16:15

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.2.2534 build 20230927 and later

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
qnap	CNA	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Vendor	Product	Version
qnap	qts	5.1.0.2348:build_20230325
qnap	qts	5.1.0.2399:build_20230515
qnap	qts	5.1.0.2418:build_20230603
qnap	qts	5.1.0.2444:build_20230629
qnap	qts	5.1.0.2466:build_20230721
qnap	qts	5.1.1.2491:build_20230815
qnap	qts	5.0.1.2034:build_20220515
qnap	qts	5.0.1.2079:build_20220629
qnap	qts	5.0.1.2131:build_20220820
qnap	qts	5.0.1.2137:build_20220826
qnap	qts	5.0.1.2145:build_20220903
qnap	qts	5.0.1.2173:build_20221001
qnap	qts	5.0.1.2194:build_20221022
qnap	qts	5.0.1.2234:build_20221201
qnap	qts	5.0.1.2248:build_20221215
qnap	qts	5.0.1.2277:build_20230112
qnap	qts	5.0.1.2346:build_20230322
qnap	qts	5.0.1.2376:build_20230421
qnap	qts	5.0.1.2425:build_20230609

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://www.qnap.com/en/security-advisory/qsa-23-07