← Back

CVE-2024-53698

nvd nist
Published: Mar 7, 2025Modified: Sep 23, 2025

JSON object

Loading...
2.1
Vector
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security@qnapsecurity.com.tw (Secondary)

Description

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

Affected (19)

Products: Qnap: Qts, Quts Hero
Qnap
2 products
Qts
Quts Hero
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 5.2.0.2737 build_20240417
Qts
Version 5.2.0.2744 build_20240424
Qts
Version 5.2.0.2782 build_20240601
Qts
Version 5.2.0.2802 build_20240620
Qts
Version 5.2.0.2823 build_20240711
Qts
Version 5.2.0.2851 build_20240808
Qts
Version 5.2.0.2860 build_20240817
Qts
Version 5.2.1.2930 build_20241025
Qts
Version 5.2.2.2950 build_20241114
Configuration B
10 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Quts Hero
Version h5.2.0.2737 build_20240417
Quts Hero
Version h5.2.0.2782 build_20240601
Quts Hero
Version h5.2.0.2789 build_20240607
Quts Hero
Version h5.2.0.2802 build_20240620
Quts Hero
Version h5.2.0.2823 build_20240711
Quts Hero
Version h5.2.0.2851 build_20240808
Quts Hero
Version h5.2.0.2860 build_20240817
Quts Hero
Version h5.2.1.2929 build_20241025
Quts Hero
Version h5.2.1.2940 build_20241105
Quts Hero
Version h5.2.2.2952 build_20241116

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (1)

Source: security@qnapsecurity.com.tw
Vendor Advisory

Timeline

No history available yet.