Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-31439

Опубликовано: 21 мая 2021
Источник: nvd
CVSS3: 8.8
CVSS3: 8.8
CVSS2: 5.8
EPSS Низкий

Описание

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*
Версия от 6.2 (включая) до 6.2.3-25426-3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*
Версия до 3.1.13 (исключая)

EPSS

Процентиль: 77%
0.01035
Низкий

8.8 High

CVSS3

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-122
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2021-31439

CVSS3: 8.8
ubuntu
больше 4 лет назад

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.

debian логотип

CVE-2021-31439

CVSS3: 8.8
debian
больше 4 лет назад

This vulnerability allows network-adjacent attackers to execute arbitr ...

github логотип

GHSA-8292-4xc6-r7cv

CVSS3: 8.8
github
больше 3 лет назад

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.

suse-cvrf логотип

SUSE-SU-2022:1184-1

suse-cvrf
почти 4 года назад

Security update for netatalk

EPSS

Процентиль: 77%
0.01035
Низкий

8.8 High

CVSS3

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-122
CWE-787