CVE-2023-52946

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_24_10	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:synology:drive_client:*:*:*:*:*:desktop:*:*

History

08 Oct 2024, 15:55

Type	Values Removed	Values Added
First Time		Synology Synology drive Client
References	~~() https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 -~~	() https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 - Vendor Advisory
CPE		cpe:2.3:a:synology:drive_client::::::desktop::*

26 Sep 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de copia de búfer sin verificar el tamaño de la entrada ('Desbordamiento de búfer clásico') en el componente de servicio vss en Synology Drive Client anterior a 3.5.0-16084 permite a atacantes remotos sobrescribir búferes triviales y bloquear el cliente a través de vectores no especificados.

26 Sep 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-26 04:15

Updated : 2024-10-08 15:55

NVD link : CVE-2023-52946

Mitre link : CVE-2023-52946

CVE.ORG link : CVE-2023-52946

JSON object : View

Products Affected

synology

drive_client

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2023-52946", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@synology.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2024-09-26T04:15:05.863", "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_10", "tags": ["Vendor Advisory"], "source": "security@synology.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}, {"type": "Secondary", "source": "security@synology.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors."}, {"lang": "es", "value": "La vulnerabilidad de copia de b\u00fafer sin verificar el tama\u00f1o de la entrada ('Desbordamiento de b\u00fafer cl\u00e1sico') en el componente de servicio vss en Synology Drive Client anterior a 3.5.0-16084 permite a atacantes remotos sobrescribir b\u00faferes triviales y bloquear el cliente a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-10-08T15:55:07.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:synology:drive_client:*:*:*:*:*:desktop:*:*", "vulnerable": true, "matchCriteriaId": "FA63ED01-FFC4-4304-B511-8FF3260AEF74", "versionEndExcluding": "3.5.0-16084"}], "operator": "OR"}]}], "sourceIdentifier": "security@synology.com"}