Synology-SA-24:26 BeeDrive for desktop

Publish Time: 2024-11-26 18:21:36 UTC+8

Last Updated: 2026-05-27 16:27:19 UTC+8

Severity: Important

Status: Resolved

Abstract

A vulnerability allows local users to execute arbitrary code.

A vulnerability allows local users to conduct denial-of-service attacks.

Affected Products

Product	Severity	Fixed Release Availability
BeeDrive for desktop	Important	Upgrade to 1.3.2-13814 or above.

Mitigation

None

Detail

CVE-2023-52945
- Severity: Important
- CVSS3 Base Score: 7.8
- CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE-427: Uncontrolled Search Path Element
- Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
CVE-2024-11399
- Severity: Moderate
- CVSS3 Base Score: 6.8
- CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
- CWE-552: Files or Directories Accessible to External Parties
- Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.

Acknowledgement

Bocheng Xiang with FDU(@crispr)
Zhao Runzi (赵润梓)

Reference

Revision

Revision	Date	Description
1	2024-11-26	Initial public release.
2	2026-05-27	Disclosed vulnerability details.