Lucene search

PRIOn knowledge basePRION:CVE-2023-32972

HistoryOct 06, 2023 - 5:15 p.m.

Input validation

2023-10-0617:15:00

PRIOn knowledge base

www.prio-n.com

input validation

buffer input

authenticated admins

code execution

qnap os

security patch

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2425 build 20230609 and later
QTS 5.1.0.2444 build 20230629 and later
QTS 4.5.4.2467 build 20230718 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTS hero h4.5.4.2476 build 20230728 and later
QuTScloud c5.1.0.2498 and later

CPENameOperatorVersion
qtsge5.1.0
qtslt5.1.0.2444
qtsge4.5.0
qtslt4.5.4.2467
qtsge5.0.0
qtslt5.0.1.2425
quts_heroeq>= h5.1.0 AND < h5.1.0.2424
quts_heroeq>= h4.5.0 AND < h4.5.4.2476
quts_heroeq>= h5.0.0 AND < h5.0.1.2515
qutscloudeq>= c5.0.1 AND < c5.1.0.2498

Name	Operator	Version
qts	ge	5.1.0
qts	lt	5.1.0.2444
qts	ge	4.5.0
qts	lt	4.5.4.2467
qts	ge	5.0.0
qts	lt	5.0.1.2425
quts_hero	eq	>= h5.1.0 AND < h5.1.0.2424
quts_hero	eq	>= h4.5.0 AND < h4.5.4.2476
quts_hero	eq	>= h5.0.0 AND < h5.0.1.2515
qutscloud	eq	>= c5.0.1 AND < c5.1.0.2498

References

www.qnap.com/en/security-advisory/qsa-23-37