Today > | 4 High | 23 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-37042

Nov. 22, 2024, 4:15 p.m.

Product(s) Impacted

QNAP QTS

  • 5.2.1.2930 build 20241025 and later

QNAP QuTS hero

  • 5.2.1.2929 build 20241025 and later

Description

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

Weaknesses

CWE-476
NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

CWE ID: 476

Date

Published: Nov. 22, 2024, 4:15 p.m.

Last Modified: Nov. 22, 2024, 4:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@qnapsecurity.com.tw

References

https://www.qnap.com/ security@qnapsecurity.com.tw