CVE-2022-37398

Published: Aug 5, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below.

Affected (3)

Products: Asustor: Adm

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Asustor Adm	From 3.5.0 to 3.5.9.rue3
Asustor Adm	From 4.0.0 to 4.0.5.rvi1
Asustor Adm	From 4.1.0 to 4.1.0.rjd1

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.asustor.com/security/security_advisory_detail?id=12

Source: security@asustor.com

Vendor Advisory

https://www.asustor.com/security/security_advisory_detail?id=12

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.