Synology-SA-22:22 Samba
Publish Time: 2022-11-17 16:42:57 UTC+8
Last Updated: 2022-12-26 10:11:19 UTC+8
- Severity
- Not affected
- Status
- Resolved
Abstract
None of Synology's products are affected by CVE-2022-42898.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 6.2 | Not affected | N/A |
| SRM 1.3 | Not affected | N/A |
| SRM 1.2 | Not affected | N/A |
| DSMUC 3.1 | Not affected | N/A |
| VS Firmware 3.0 | Not affected | N/A |
| VS Firmware 2.3 | Not affected | N/A |
| SMB Service for DSM 7.1 | Not affected | N/A |
| SMB Service for DSM 7.0 | Not affected | N/A |
| Synology Directory Server for DSM 7.1 | Not affected | N/A |
| Synology Directory Server for DSM 7.0 | Not affected | N/A |
| Synology Directory Server for DSM 6.2 | Not affected | N/A |
Mitigation
None
Detail
- CVE-2022-42898
- Severity: Not affected
- CVSS3 Base Score: 0.0
- CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
- PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2022-11-17 | Initial public release. |