CVE-2021-31439
PUBLISHED
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326.
Risk Scores
EPSS Score: 1.04% (77.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | netatalk | 0, 3.1.12~ds-3, * |
| Ubuntu:22.04:LTS | netatalk | 0, 3.1.12~ds-9build1, * |
Timeline
- May 21, 2021 CVE Published
- May 22, 2021 EPSS Score
- Sep 24, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 27, 2022 EPSS Score
- May 27, 2022 EPSS Score
- Sep 28, 2022 EPSS Score
- Jan 28, 2023 EPSS Score
- Mar 31, 2023 EPSS Score
- Jul 31, 2023 EPSS Score
- Dec 1, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-31439 third-party-advisory
- https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html third-party-advisory
- https://ubuntu.com/security/notices/USN-6146-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-31439 third-party-advisory