CVE-2023-41273
02.02.2024, 16:15
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later
| Vendor | Product | Version |
|---|---|---|
| qnap | qts | 5.1.0.2348:build_20230325 |
| qnap | qts | 5.1.0.2399:build_20230515 |
| qnap | qts | 5.1.0.2418:build_20230603 |
| qnap | qts | 5.1.0.2444:build_20230629 |
| qnap | qts | 5.1.0.2466:build_20230721 |
| qnap | qts | 5.1.1.2491:build_20230815 |
| qnap | qts | 5.1.2.2533 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.