Synology-SA-23:12 Synology SSL VPN Client
Publish Time: 2023-08-24 17:57:48 UTC+8
Last Updated: 2023-10-25 10:23:31 UTC+8
- Severity
- Low
- Status
- Resolved
Abstract
A vulnerability allows local users to conduct denial-of-service attack via a susceptible version of Synology SSL VPN Client.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Synology SSL VPN Client | Low | Upgrade to 1.4.7-0687 or above. |
Mitigation
None
Detail
- CVE-2023-5748
- Severity: Low
- CVSS3 Base Score: 3.3
- CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
Acknowledgement
chumen77(GAO JUYANG) from WeBin Lab of DbappSecurity Co.,Ltd.
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2023-08-24 | Initial public release. |
| 2 | 2023-10-24 | Disclosed vulnerability details. |