CVE-2023-52946

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Sep 26, 2024
CWE ID 120

Summary

CVE-2023-52946 is a buffer overflow vulnerability in the vss service component of Synology Drive Client versions prior to 3.5.0-16084 that allows remote attackers to overwrite buffers and potentially crash the client. It has a high base score of 8.2 and an exploitability score of 3.9; exploitation requires no user interaction, and the impact is low for integrity and high for availability. Remediation is to upgrade to Synology Drive Client version 3.5.0-16084 or later, as detailed in Synology's security advisory. If exploited, this vulnerability could disrupt services by crashing the application, thereby affecting organizational operations. Users are advised to monitor their systems for potential exploitation attempts while applying the necessary updates promptly.
