Synology-SA-23:12 Synology SSL VPN Client

Publish Time: 2023-08-24 17:57:48 UTC+8

Last Updated: 2023-10-25 10:23:31 UTC+8

Severity
Low
Status
Resolved

Abstract

A vulnerability allows local users to conduct denial-of-service attack via a susceptible version of Synology SSL VPN Client.

Affected Products

Product Severity Fixed Release Availability
Synology SSL VPN Client Low Upgrade to 1.4.7-0687 or above.

Mitigation

None

Detail

  • CVE-2023-5748
    • Severity: Low
    • CVSS3 Base Score: 3.3
    • CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
    • Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.

Acknowledgement

chumen77(GAO JUYANG) from WeBin Lab of DbappSecurity Co.,Ltd.

Revision

Revision Date Description
1 2023-08-24 Initial public release.
2 2023-10-24 Disclosed vulnerability details.