Buffer Copy Without Checking Size of Input Vulnerability
CVE-2024-32763

8.8HIGH

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero
Vendor: CVE Published:; 6 September 2024

Summary

A vulnerability has been identified in certain versions of QNAP's operating systems, stemming from a flaw in handling buffer copy operations without adequate size checks. This could potentially allow authenticated users to exploit the vulnerability and execute arbitrary code over the network. The issue is particularly concerning for organizations relying on affected QNAP products, as it opens the door to various malicious activities. QNAP has addressed this vulnerability in the recently released versions QTS 5.1.8.2823 build 20240712 and later, as well as QuTS hero h5.1.8.2823 build 20240712 and later, underscoring the importance of keeping systems updated to mitigate such risks.

Affected Version(s)

QTS 5.1.x < 5.1.8.2823 build 20240712

QuTS hero h5.1.x

References

https://www.qnap.com/en/security-advisory/qsa-24-33

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Aliz Hammond of watchTowr