Synology-SA-17:48 DSM

Publish Time: 2017-08-28 09:58:07 UTC+8

Last Updated: 2017-08-28 11:34:47 UTC+8

Severity
Low
Status
Resolved

Abstract

CVE-2017-12076 allows remote authenticated users to exhaust the memory resources and conduct a denial-of-service attack via a vulnerable version of Synology DiskStation Manager (DSM).

Severity

Affected

  • Products
    • DSM before 6.1.1-15088
  • Models
    • All Synology models

Description

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

Mitigation

None

Update Availability

To fix the security issue, please update DSM 6.1 to 6.1.1-15088 or above.