CVE-2024-39349

Published: Jun 28, 2024Modified: Apr 10, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

Affected (2)

Products: Synology: Bc500 Firmware, Tc500 Firmware

2 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Bc500 Firmware	Before 1.0.7-0298

Running on/with	Platform Versions
Synology Bc500	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Synology Tc500 Firmware	Before 1.0.7-0298

Running on/with	Platform Versions
Synology Tc500	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15

Source: security@synology.com

Vendor Advisory

https://www.synology.com/en-global/security/advisory/Synology_SA_23_15

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.