{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49041", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "state": "PUBLISHED", "assignerShortName": "synology", "dateReserved": "2024-09-24T08:40:22.264Z", "datePublished": "2024-09-26T03:34:56.493Z", "dateUpdated": "2024-09-26T14:40:15.626Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "cweId": "CWE-120", "type": "CWE"}]}], "affected": [{"vendor": "Synology", "product": "Synology Drive Client", "versions": [{"version": "*", "status": "affected", "lessThan": "3.5.0-16084", "versionType": "semver"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_10", "name": "Synology-SA-24:10 Synology Drive Client", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "Zhao Runzi (\u8d75\u6da6\u6893)", "type": "finder"}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2024-09-26T03:34:56.493Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T14:40:06.125274Z", "id": "CVE-2022-49041", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T14:40:15.626Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-49041", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T14:40:06.125274Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T14:40:10.341Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Zhao Runzi (\u8d75\u6da6\u6893)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Synology", "product": "Synology Drive Client", "versions": [{"status": "affected", "version": "*", "lessThan": "3.5.0-16084", "versionType": "semver"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_10", "name": "Synology-SA-24:10 Synology Drive Client", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology", "dateUpdated": "2024-09-26T03:34:56.493Z"}}}, "cveMetadata": {"cveId": "CVE-2022-49041", "state": "PUBLISHED", "dateUpdated": "2024-09-26T14:40:15.626Z", "dateReserved": "2024-09-24T08:40:22.264Z", "assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "datePublished": "2024-09-26T03:34:56.493Z", "assignerShortName": "synology"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:drive_client:*:*:*:*:*:desktop:*:*", "matchCriteriaId": "FA63ED01-FFC4-4304-B511-8FF3260AEF74", "versionEndExcluding": "3.5.0-16084", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors."}, {"lang": "es", "value": "La vulnerabilidad de copia de b\u00fafer sin verificar el tama\u00f1o de la entrada ('Desbordamiento de b\u00fafer cl\u00e1sico') en la funcionalidad de administraci\u00f3n de tareas de copia de seguridad en Synology Drive Client anterior a 3.4.0-15721 permite que los usuarios locales con privilegios de administrador bloqueen el cliente a trav\u00e9s de vectores no especificados."}], "id": "CVE-2022-49041", "lastModified": "2024-10-08T16:06:51.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "security@synology.com", "type": "Secondary"}]}, "published": "2024-09-26T04:15:05.620", "references": [{"source": "security@synology.com", "tags": ["Vendor Advisory"], "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_10"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "security@synology.com", "type": "Primary"}]}

{}

{}