Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-38638

Опубликовано: 07 мар. 2025
Источник: nvd
CVSS3: 7.2
EPSS Низкий

Описание

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.

QTS 5.2.x/QuTS hero h5.2.x are not affected.

We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QuTS hero h5.1.9.2954 build 20241120 and later

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:*:*:*:*:*:*
cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712:*:*:*:*:*:*

EPSS

Процентиль: 36%
0.00151
Низкий

7.2 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

github логотип

GHSA-73vc-g45m-99m9

CVSS3: 7.2
github
11 месяцев назад

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. QTS 5.2.x/QuTS hero h5.2.x are not affected. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QuTS hero h5.1.9.2954 build 20241120 and later

EPSS

Процентиль: 36%
0.00151
Низкий

7.2 High

CVSS3

Дефекты

CWE-787