CVE-2024-10442
CRITICALDescription
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.
Is your site exposed to CVE-2024-10442?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| synology | unified_controller |
| synology | diskstation_manager_unified_controller |
| synology | replication_service |
| synology | diskstation_manager |
| synology | replication_service |
| synology | diskstation_manager |
| syncology | replication_service |
| synology | diskstation_manager |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-10442? +
How severe is CVE-2024-10442? +
What products are affected by CVE-2024-10442? +
How do I check if I'm vulnerable to CVE-2024-10442? +
Related Vulnerabilities
Gogs is an open source self-hosted Git service. Prior to 0.14.3, a repository admin collaborator can escalate their privileges to …
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula …
Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName …
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, …
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB …
Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that …