CVE-2023-5748 - OpenCVE

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Synology	Ssl Vpn Client

Configuration 1 [-]

cpe:2.3:a:synology:ssl_vpn_client:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_23_12	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: synology

Published: 2023-10-24T10:26:59.087Z

Updated: 2023-11-09T09:51:01.023Z

Reserved: 2023-10-24T06:10:16.429Z

Link: CVE-2023-5748

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-07T04:24:19.670

Modified: 2023-11-14T18:41:08.300

Link: CVE-2023-5748

JSON object: View

Redhat Information

No data.

CWE

CWE-120

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:ssl_vpn_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "0043569B-CE32-4253-80ED-DD52EEF650AB", "versionEndExcluding": "1.4.7-0687", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors."}, {"lang": "es", "value": "La vulnerabilidad de copia de b\u00fafer sin comprobar el tama\u00f1o de la entrada ('Desbordamiento de b\u00fafer cl\u00e1sico') en el componente cgi en Synology SSL VPN Client anterior a 1.4.7-0687 permite a los usuarios locales realizar ataques de denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."}], "id": "CVE-2023-5748", "lastModified": "2023-11-14T18:41:08.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@synology.com", "type": "Secondary"}]}, "published": "2023-11-07T04:24:19.670", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_12"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}