← Back

CVE-2023-32975

nvd nist
Published: Dec 8, 2023Modified: Jun 17, 2026

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.2.2534 build 20230927 and later

Affected (31)

Products: Qnap: Qts, Quts Hero
Qnap
2 products
Qts
Quts Hero
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 5.1.0.2348 build_20230325
Qts
Version 5.1.0.2399 build_20230515
Qts
Version 5.1.0.2418 build_20230603
Qts
Version 5.1.0.2444 build_20230629
Qts
Version 5.1.0.2466 build_20230721
Qts
Version 5.1.1.2491 build_20230815
Configuration B
13 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 5.0.1.2034 build_20220515
Qts
Version 5.0.1.2079 build_20220629
Qts
Version 5.0.1.2131 build_20220820
Qts
Version 5.0.1.2137 build_20220826
Qts
Version 5.0.1.2145 build_20220903
Qts
Version 5.0.1.2173 build_20221001
Qts
Version 5.0.1.2194 build_20221022
Qts
Version 5.0.1.2234 build_20221201
Qts
Version 5.0.1.2248 build_20221215
Qts
Version 5.0.1.2277 build_20230112
Qts
Version 5.0.1.2346 build_20230322
Qts
Version 5.0.1.2376 build_20230421
Qts
Version 5.0.1.2425 build_20230609
Configuration C
5 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Quts Hero
Version h5.1.0.2409 build_20230525
Quts Hero
Version h5.1.0.2424 build_20230609
Quts Hero
Version h5.1.0.2453 build_20230708
Quts Hero
Version h5.1.0.2466 build_20230721
Quts Hero
Version h5.1.1.2488 build_20230812
Configuration D
7 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Quts Hero
Version h5.0.1.2045 build_20220526
Quts Hero
Version h5.0.1.2192 build_20221020
Quts Hero
Version h5.0.1.2248 build_20221215
Quts Hero
Version h5.0.1.2269 build_20230104
Quts Hero
Version h5.0.1.2277 build_20230112
Quts Hero
Version h5.0.1.2348 build_20230324
Quts Hero
Version h5.0.1.2376 build_20230421

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

Source: security@qnapsecurity.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.