Publish Time: 2018-12-21 17:58:09 UTC+8
Last Updated: 2019-01-04 17:50:23 UTC+8
A vulnerability allows remote attackers to execute arbitrary code via a susceptible version of Synology Diskstation Manager (DSM) and Synology Router Manager (SRM).
|Product||Severity||Fixed Release Availability|
|DSM 6.2||Critical||Upgrade to 6.2.1-23824-4 or above.|
|DSM 6.1||Critical||Upgrade to 6.1.7-15284-3 or above.|
|DSM 5.2||Critical||Upgrade to 5.2-5967-9 or above.|
|SkyNAS||Critical||Please manually download and install version 6.1.7-15284-3.|
|VS960HD||Critical||Upgrade to 2.3.3-1646 or above.|
|SRM 1.2||Important||Upgrade to 1.2-7742-5 or above.|
If you need immediate assistance, please contact Synology technical support via https://account.synology.com/support.
- Severity: Critical
- CVSS3 Base Score: 9.8
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
|1||2018-12-21||Initial public release.|
|2||2018-12-21||Update for DSM 6.2 is now available in Affected Products.|
|3||2018-12-26||Update for VS960HD is now available in Affected Products.|
|4||2018-12-28||Update for SRM 1.2 is now available in Affected Products.|
|5||2019-01-02||Update for DSM 6.1 and DSM 5.2 are now available in Affected Products.|
|6||2019-01-04||Update for SkyNAS is now available in Affected Products.|