First published: Fri Feb 26 2021(Updated: )
Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology DiskStation Manager | <6.2.3-25426-3 | |
Synology Vs960hd Firmware | ||
Synology Vs960hd | ||
Synology Skynas Firmware | ||
Synology Skynas | ||
Synology Diskstation Manager Unified Controller | =3.0 | |
Synology Uc3200 | ||
Faad2 Project Faad2 | <2.2.7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The CVE ID of this vulnerability is CVE-2021-26567.
The severity of CVE-2021-26567 is high with a CVSS score of 7.8.
CVE-2021-26567 allows local attackers to execute arbitrary code in the affected software.
Synology DiskStation Manager up to version 6.2.3-25426-3 and Faad2 up to version 2.2.7.1 are affected by CVE-2021-26567.
Upgrade to a patched version of the affected software.