{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-56805","assignerOrgId":"2fd009eb-170a-4625-932b-17a53af1051f","state":"PUBLISHED","assignerShortName":"qnap","dateReserved":"2024-12-31T09:31:29.719Z","datePublished":"2025-06-06T15:53:13.936Z","dateUpdated":"2025-06-06T16:35:40.607Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QTS","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"5.2.4.3079 build 20250321","status":"affected","version":"5.2.x","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"QuTS hero","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"h5.2.4.3079 build 20250321","status":"affected","version":"h5.2.x","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Searat and izut"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.<br><br>We have already fixed the vulnerability in the following versions:<br>QTS 5.2.4.3079 build 20250321 and later<br>QuTS hero h5.2.4.3079 build 20250321 and later<br>"}],"value":"A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.4.3079 build 20250321 and later\nQuTS hero h5.2.4.3079 build 20250321 and later"}],"impacts":[{"capecId":"CAPEC-100","descriptions":[{"lang":"en","value":"CAPEC-100"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":5.3,"baseSeverity":"MEDIUM","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-120","description":"CWE-120","lang":"en","type":"CWE"},{"cweId":"CWE-122","description":"CWE-122","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2fd009eb-170a-4625-932b-17a53af1051f","shortName":"qnap","dateUpdated":"2025-06-06T15:53:13.936Z"},"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-25-12"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"We have already fixed the vulnerability in the following versions:<br>QTS 5.2.4.3079 build 20250321 and later<br>QuTS hero h5.2.4.3079 build 20250321 and later<br>"}],"value":"We have already fixed the vulnerability in the following versions:\nQTS 5.2.4.3079 build 20250321 and later\nQuTS hero h5.2.4.3079 build 20250321 and later"}],"source":{"advisory":"QSA-25-12","discovery":"EXTERNAL"},"title":"QTS, QuTS hero","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-06T16:19:29.385950Z","id":"CVE-2024-56805","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-06T16:35:40.607Z"}}]}}