CVE-2021-31439
Synology DiskStation Manager Netatalk dsi_doff Heap-based Buffer Overflow Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
4Public Exploits
0Exploited in Wild
-Decision
Descriptions
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.
Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar código arbitrario en las instalaciones afectadas de Synology DiskStation Manager. No se requiere autenticación para explotar esta vulnerabilidad. El fallo específico existe dentro del procesamiento de estructuras DSI en Netatalk. El problema es debido a una falta de validación apropiada de la longitud de los datos suministrados por el usuario antes de copiarlos en un búfer en la región heap de la memoria. Un atacante puede explotar esta vulnerabilidad para ejecutar código en el contexto del proceso actual. Fue ZDI-CAN-12326
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation DS418play. Authentication is not required to exploit this vulnerablity.
The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. A remote attacker could possibly use this issue to execute arbitrary code with the privileges of the user invoking the programs. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Netatalk did not properly validate the length of user-supplied data in the ad_addcomment function. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-16 CVE Reserved
- 2021-04-29 CVE Published
- 2024-08-03 CVE Updated
- 2025-04-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2023/0... | Mailing List |
|
| https://www.zerodayinitiative.com/advisories/ZDI-21... | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202311-02 | 2023-11-22 | |
| https://www.debian.org/security/2023/dsa-5503 | 2023-11-22 | |
| https://www.synology.com/zh-hk/security/advisory/Synology_... | 2023-11-22 |