CVE-2024-5463

EPSS 1.64%
Veröffentlicht 04.06.2024 10:15:12
Zuletzt bearbeitet 04.08.2025 19:09:23
Quelle security@synology.com
Teams Watchlist Login
Unerledigt Login

A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically restart. The following models with Synology Camera Firmware versions before 1.1.1-0383 may be affected: BC500 and TC500.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Synology ≫ Bc500 Firmware Version < 1.1.1-0383

Synology ≫ Bc500 Version-

Synology ≫ Tc500 Firmware Version < 1.1.1-0383

Synology ≫ Tc500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.64%	0.812

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
security@synology.com	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.synology.com/en-global/security/advisory/Synology_SA_24_07

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5463

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5463

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5463

EUVD