A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later

Related CVEs

CVE-2023-41292

Key Information

GHSA ID

GHSA-cj8g-f3w9-gg24

Published

February 2, 2024 6:30 PM

Last Modified

February 2, 2024 6:30 PM

CVSS Score

2.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 30, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.