CVE-2022-49041

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_24_10	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:synology:drive_client:*:*:*:*:*:desktop:*:*

History

08 Oct 2024, 16:06

Type	Values Removed	Values Added
CPE		cpe:2.3:a:synology:drive_client::::::desktop::*
References	~~() https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 -~~	() https://www.synology.com/en-global/security/advisory/Synology_SA_24_10 - Vendor Advisory
First Time		Synology drive Client Synology

26 Sep 2024, 13:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-26 04:15

Updated : 2024-10-08 16:06

NVD link : CVE-2022-49041

Mitre link : CVE-2022-49041

CVE.ORG link : CVE-2022-49041

JSON object : View

Products Affected

synology

drive_client

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2022-49041", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "security@synology.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2024-09-26T04:15:05.620", "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_10", "tags": ["Vendor Advisory"], "source": "security@synology.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@synology.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors."}, {"lang": "es", "value": "La vulnerabilidad de copia de b\u00fafer sin verificar el tama\u00f1o de la entrada ('Desbordamiento de b\u00fafer cl\u00e1sico') en la funcionalidad de administraci\u00f3n de tareas de copia de seguridad en Synology Drive Client anterior a 3.4.0-15721 permite que los usuarios locales con privilegios de administrador bloqueen el cliente a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-10-08T16:06:51.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:synology:drive_client:*:*:*:*:*:desktop:*:*", "vulnerable": true, "matchCriteriaId": "FA63ED01-FFC4-4304-B511-8FF3260AEF74", "versionEndExcluding": "3.5.0-16084"}], "operator": "OR"}]}], "sourceIdentifier": "security@synology.com"}