Publish Time: 2017-08-11 00:00:00 UTC+8
Last Updated: 2018-01-12 15:43:08 UTC+8
CVE-2017-2885 allows man-in-the-middle attackers to cause a denial of service or execute arbitrary code on a vulnerable version of File Station.
- Impact: Important
- CVSS3 Base Score: 7.3
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- File Station before 1.1.1-0103
- DSM 6.0
- DSM 5.2
- DSM 5.1
- All Synology models
A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality.
To fix the security issue, please go to DSM > Package Center and update File Station to 1.1.1-0103 or above.
For DSM 5.2 and DSM 6.0, please update to 6.0.3-8754-6 or above.
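To check an inventory against the fixed versions above, the following added example (not Synology code) compares installed version strings numerically. It assumes this reading of the advisory: hosts on DSM 5.2 or 6.0 need DSM 6.0.3-8754-6 or above, and all other hosts need File Station 1.1.1-0103 or above. The function names and the sample inventory are constructed for illustration.

```python
import re

FILE_STATION_FIXED = "1.1.1-0103"   # fixed File Station version from the advisory
DSM_FIXED = "6.0.3-8754-6"          # fixed DSM version from the advisory (DSM 5.2 / 6.0)


def parse_version(text):
    """Turn '1.1.1-0103' or '6.0.3-8754-6' into a tuple of ints.

    Comparing ints means '0103' is build 103, and a DSM string with no
    update suffix ('6.0.3-8754') sorts below '6.0.3-8754-6'.
    """
    parts = re.split(r"[.-]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def triage(dsm, file_station=None):
    """Classify one host as 'patched', 'vulnerable' or 'unknown'."""
    try:
        dsm_v = parse_version(dsm)
        if dsm_v[:2] in ((5, 2), (6, 0)):
            # Assumed reading: these branches are fixed by the DSM update.
            ok = dsm_v >= parse_version(DSM_FIXED)
        elif file_station is None:
            return "unknown"        # no package version collected
        else:
            ok = parse_version(file_station) >= parse_version(FILE_STATION_FIXED)
    except (ValueError, AttributeError):
        return "unknown"            # missing or malformed version data
    return "patched" if ok else "vulnerable"


# Constructed sample inventory: (host, DSM version, File Station version)
INVENTORY = [
    ("nas-a", "6.0.3-8754-6", None),
    ("nas-b", "6.0.3-8754", None),          # same build, update not applied
    ("nas-c", "5.2-5967-4", None),
    ("nas-d", "5.1-5055", "1.1.1-0103"),
    ("nas-e", "5.1-5055", "1.1.0-0099"),
    ("nas-f", "5.1-5055", None),
]


def report(inventory=INVENTORY):
    return {host: triage(dsm, fs) for host, dsm, fs in inventory}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need their version data collected before they can be ruled out.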