cve-2021-31439
Vulnerability from cvelistv5
Published
2021-05-21 00:00
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.
References
▼ | URL | Tags | |
---|---|---|---|
zdi-disclosures@trendmicro.com | https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html | Mailing List, Third Party Advisory | |
zdi-disclosures@trendmicro.com | https://security.gentoo.org/glsa/202311-02 | Issue Tracking, Third Party Advisory | |
zdi-disclosures@trendmicro.com | https://www.debian.org/security/2023/dsa-5503 | Third Party Advisory | |
zdi-disclosures@trendmicro.com | https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26 | Vendor Advisory | |
zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-21-492/ | Third Party Advisory, VDB Entry |
Impacted products
▼ | Vendor | Product |
---|---|---|
Synology | DiskStation Manager |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:55:53.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-492/" }, { "tags": [ "x_transferred" ], "url": "https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26" }, { "name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html" }, { "name": "DSA-5503", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5503" }, { "name": "GLSA-202311-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "DiskStation Manager", "vendor": "Synology", "versions": [ { "status": "affected", "version": "6.1.1-15101-4" } ] } ], "credits": [ { "lang": "en", "value": "Angelboy(@scwuaptx) from DEVCORE Security Team" } ], "descriptions": [ { "lang": "en", "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-01T16:06:27.666921", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-492/" }, { "url": "https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26" }, { "name": "[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html" }, { "name": "DSA-5503", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5503" }, { "name": "GLSA-202311-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202311-02" } ] } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2021-31439", "datePublished": "2021-05-21T00:00:00", "dateReserved": "2021-04-16T00:00:00", "dateUpdated": "2024-08-03T22:55:53.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-31439\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2021-05-21T15:15:07.707\",\"lastModified\":\"2023-11-22T20:34:05.293\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.\"},{\"lang\":\"es\",\"value\":\"Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Synology DiskStation Manager.\u0026#xa0;No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad.\u0026#xa0;El fallo espec\u00edfico existe dentro del procesamiento de estructuras DSI en Netatalk.\u0026#xa0;El problema es debido a una falta de validaci\u00f3n apropiada de la longitud de los datos suministrados por el usuario antes de copiarlos en un b\u00fafer en la regi\u00f3n heap de la memoria.\u0026#xa0;Un atacante puede explotar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual.\u0026#xa0;Fue ZDI-CAN-12326\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:diskstation_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.2.3-25426-3\",\"matchCriteriaId\":\"2978B4D8-CFFD-4DFD-BA2A-B1A267EFA58F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.13\",\"matchCriteriaId\":\"24D5049D-2145-4D39-BFAC-6D810026956D\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-02\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5503\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-492/\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.