CVE-2023-5748: Buffer Overflow
First published: Tue Oct 24 2023(Updated: )
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology SSL VPN Client | <1.4.7-0687 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-5748?
CVE-2023-5748 is a 'Classic Buffer Overflow' vulnerability in the cgi component in Synology SSL VPN Client before version 1.4.7-0687.
How severe is CVE-2023-5748?
CVE-2023-5748 has a severity rating of 5.5, which is considered medium.
How can local users exploit CVE-2023-5748?
Local users can exploit CVE-2023-5748 by conducting denial-of-service attacks through unspecified vectors.
Which software versions are affected by CVE-2023-5748?
The Synology SSL VPN Client versions up to and excluding 1.4.7-0687 are affected by CVE-2023-5748.
Where can I find more information about CVE-2023-5748?
More information about CVE-2023-5748 can be found in the Synology security advisory: [link](https://www.synology.com/en-global/security/advisory/Synology_SA_23_12).
- collector/mitre-cve
- collector/nvd-api
- agent/author
- agent/description
- agent/epss
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/epss-latest
- source/FIRST
- vendor/synology
- canonical/synology ssl vpn client