Input validation

2024-02-0216:15:00

PRIOn knowledge base

www.prio-n.com

buffer copy vulnerability

qnap os

input validation

code execution

nvd

patched versions

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.1%

JSON

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.1.2.2534 build 20230927 and later
QuTScloud c5.1.5.2651 and later

CPENameOperatorVersion
qtseq5.1.0.2348 build-20230325
qtseq5.1.0.2418 build-20230603
qtseq5.1.0.2399 build-20230515
qtseq5.1.0.2466 build-20230721
qtseq5.1.1.2491 build-20230815
qtseq5.1.0.2444 build-20230629
qtseq5.1.2.2533
quts_heroeqh5.1.0.2409 build-20230525
quts_heroeqh5.1.1.2488 build-20230812
quts_heroeqh5.1.0.2466 build-20230721

Name	Operator	Version
qts	eq	5.1.0.2348 build-20230325
qts	eq	5.1.0.2418 build-20230603
qts	eq	5.1.0.2399 build-20230515
qts	eq	5.1.0.2466 build-20230721
qts	eq	5.1.1.2491 build-20230815
qts	eq	5.1.0.2444 build-20230629
qts	eq	5.1.2.2533
quts_hero	eq	h5.1.0.2409 build-20230525
quts_hero	eq	h5.1.1.2488 build-20230812
quts_hero	eq	h5.1.0.2466 build-20230721