CVE-2023-32972— QNAP 多款产品缓冲区错误漏洞

QTS, QuTS hero, QuTScloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

QNAP 多款产品缓冲区错误漏洞

QNAP Systems QuTScloud等都是中国威联通科技（QNAP Systems）公司的产品。QNAP Systems QuTScloud是一种 QNAP NAS 操作系统的云端优化版本。QNAP Systems QTS是一个入门到中阶QNAP NAS 使用的操作系统。QNAP Systems QuTS hero是一个操作系统。 QNAP products存在安全漏洞，该漏洞源于缓冲区副本未检查输入大小，允许经过身份验证的管理员通过网络执行代码，以下产品和版本受到影响：QTS 5.0.1.242

N/A

N/A