CVE-2024-39349: Buffer Overflow
First published: Fri Jun 28 2024(Updated: )
A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Camera Firmware | <1.0.7-0298 | |
| All of | ||
| <1.0.7-0298 | ||
| All of | ||
| <1.0.7-0298 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39349?
CVE-2024-39349 is classified as a high-severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2024-39349?
To fix CVE-2024-39349, you should update your Synology Camera Firmware to the latest version available beyond 1.0.7-0298.
What devices are affected by CVE-2024-39349?
CVE-2024-39349 affects Synology Camera models with firmware versions up to 1.0.7-0298.
Can CVE-2024-39349 be exploited remotely?
Yes, CVE-2024-39349 can be exploited remotely, allowing attackers to execute arbitrary code.
Is the upstream libjansson library affected by CVE-2024-39349?
No, the upstream libjansson library is not affected by CVE-2024-39349, which is specific to Synology's implementation.
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/synology
- canonical/synology camera firmware