Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2021-31439

Date: May 21, 2021

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.

Severity Score

Related Resources (9)

https://security-tracker.debian.org/tracker/CVE-2021-31439
https://lists.debian.org/debian-lts-announce/2023/05/msg00018.html
https://www.synology.com/zh-hk/security/advisory/Synology_SA_20_26
https://www.zerodayinitiative.com/advisories/ZDI-21-492/
https://nvd.nist.gov/vuln/detail/CVE-2021-31439
https://people.canonical.com/~ubuntu-security/cve/CVE-2021-31439
https://www.debian.org/security/2023/dsa-5503
https://security.gentoo.org/glsa/202311-02
https://www.mend.io/vulnerability-database/CVE-2021-31439

Severity Score

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:
Attack Vector (AV): ADJACENT_NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): ADJACENT
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us