Classic Buffer Overflow Vulnerability Affects Synology Drive Client

CVE-2023-52946

8.2HIGH

Key Information

Vendor: Synology
Status: Synology Drive Client
Vendor: CVE Published:; 26 September 2024

Summary

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors.

Affected Version(s)

Synology Drive Client <= *

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 26, 2024
Vulnerability Reserved.
Sep 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

Zhao Runzi (赵润梓)