admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/34xxx/CVE-2021-34344.json
Stanley S Huang 6646b3f12c Change CWE from CWE-120 to CWE-787 
For adjustment to CVMAP Acceptance Level
2022-01-03 14:00:32 +08:00

121 lines
4.8 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2021-09-10T09:37:00.000Z",
"ID": "CVE-2021-34344",
"STATE": "PUBLIC",
"TITLE": "Stack Buffer Overflow Vulnerability in QUSBCam2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QUSBCam2",
"version": {
"version_data": [
{
"platform": "QTS 4.5.4",
"version_affected": "<",
"version_value": "1.1.4 ( 2021/07/30 )"
},
{
"platform": "QTS 5.0",
"version_affected": "<",
"version_value": "2.0.1 ( 2021/08/03 )"
},
{
"platform": "QTS 4.3.6",
"version_affected": "<",
"version_value": "1.1.4 ( 2021/07/30 )"
},
{
"platform": "QTS 4.3.3",
"version_affected": "<",
"version_value": "1.1.4 ( 2021/08/06 )"
},
{
"platform": "QuTS hero 4.5.3",
"version_affected": "<",
"version_value": "1.1.4 ( 2021/07/30 )"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "crixer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of QUSBCam2: QTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later QTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later QTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later QuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-21-34",
"name": "https://www.qnap.com/en/security-advisory/qsa-21-34"
}
]
},
"solution": [
{
"lang": "eng",
"value": "We have already fixed this vulnerability in the following versions of QUSBCam2:\nQTS 4.5.4: QUSBCam2 1.1.4 ( 2021/07/30 ) and later\nQTS 5.0: QUSBCam2 2.0.1 ( 2021/08/03 ) and later\nQTS 4.3.6: QUSBCam2 1.1.4 ( 2021/07/30 ) and later\nQTS 4.3.3: QUSBCam2 1.1.4 ( 2021/08/06 ) and later\nQuTS hero 4.5.3: QUSBCam2 1.1.4 ( 2021/07/30 ) and later\n"
}
],
"source": {
"advisory": "QSA-21-34",
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink