CVE-2022-27612: Buffer Overflow
First published: Thu Jul 28 2022(Updated: )
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Audio Station | <6.5.4-3367 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-27612?
CVE-2022-27612 is a buffer overflow vulnerability in the cgi component of Synology Audio Station before version 6.5.4-3367, allowing remote attackers to execute arbitrary commands.
How severe is CVE-2022-27612?
CVE-2022-27612 has a severity rating of 9.8, which is considered critical.
How does CVE-2022-27612 occur?
CVE-2022-27612 occurs due to a buffer copy operation without checking the size of the input, leading to a classic buffer overflow.
Which software is affected by CVE-2022-27612?
Synology Audio Station versions prior to 6.5.4-3367 are affected by CVE-2022-27612.
How can I fix CVE-2022-27612?
To fix CVE-2022-27612, update Synology Audio Station to version 6.5.4-3367 or later.
- collector/nvd-index
- vendor/synology
- canonical/synology audio station