Synology-SA-22:20 Samba

Publish Time: 2022-10-27 13:44:08 UTC+8

Last Updated: 2022-10-27 13:44:08 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

CVE-2022-3437 allows remote authenticated users to conduct denial-of-service attacks via a susceptible version of Synology DiskStation Manager (DSM), SMB Service and Synology Directory Server.

None of Synology's products are affected by CVE-2022-3592 as this vulnerability only affect Samba 4.17 and later.

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Moderate Ongoing
SRM 1.3 Not affected N/A
SRM 1.2 Not affected N/A
DSMUC 3.1 Not affected N/A
VS Firmware 3.0 Not affected N/A
VS Firmware 2.3 Not affected N/A
SMB Service for DSM 7.1 Moderate Ongoing
SMB Service for DSM 7.0 Moderate Ongoing
Synology Directory Server for DSM 7.1 Moderate Ongoing
Synology Directory Server for DSM 7.0 Moderate Ongoing
Synology Directory Server for DSM 6.2 Moderate Ongoing

Mitigation

None

Detail

Reserved

Reference

Revision

Revision Date Description
1 2022-10-27 Initial public release.