ID

VAR-202102-1231


CVE

CVE-2021-26567


TITLE

Vulnerability in faad2

Trust: 0.8

sources: JVNDB: JVNDB-2021-004180

DESCRIPTION

A stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via the filename and pathname options. faad2 contains an unspecified vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information.

Trust: 1.71

sources: NVD: CVE-2021-26567 // JVNDB: JVNDB-2021-004180 // VULHUB: VHN-385708

AFFECTED PRODUCTS

vendor: synology | model: diskstation manager | scope: lt | version: 6.2.3-25426-3

Trust: 1.0

vendor: synology | model: diskstation manager unified controller | scope: eq | version: 3.0

Trust: 1.0

vendor: synology | model: vs960hd | scope: eq | version: -

Trust: 1.0

vendor: synology | model: skynas | scope: eq | version: -

Trust: 1.0

vendor: faad2 | model: faad2 | scope: lt | version: 2.2.7.1

Trust: 1.0

vendor: synology | model: diskstation manager | scope: - | version: -

Trust: 0.8

vendor: synology | model: diskstation manager unified controller | scope: - | version: -

Trust: 0.8

vendor: synology | model: skynas | scope: - | version: -

Trust: 0.8

vendor: synology | model: vs960hd | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004180 // NVD: CVE-2021-26567

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-26567
value: HIGH

Trust: 1.0

NVD: CVE-2021-26567
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-1702
value: HIGH

Trust: 0.6

VULHUB: VHN-385708
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-26567
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-385708
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-26567
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-26567
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-385708 // JVNDB: JVNDB-2021-004180 // CNNVD: CNNVD-202102-1702 // NVD: CVE-2021-26567

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Other (CWE-Other) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004180 // NVD: CVE-2021-26567

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-1702

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-1702

PATCH

title: Synology-SA-20 | url: https://www.synology.com/security/advisory/Synology_SA_20_26

Trust: 0.8

title: Synology DiskStation Manager Security vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=142938

Trust: 0.6

sources: JVNDB: JVNDB-2021-004180 // CNNVD: CNNVD-202102-1702

EXTERNAL IDS

db: NVD | id: CVE-2021-26567

Trust: 2.5

db: JVNDB | id: JVNDB-2021-004180

Trust: 0.8

db: CNNVD | id: CNNVD-202102-1702

Trust: 0.6

db: VULHUB | id: VHN-385708

Trust: 0.1

sources: VULHUB: VHN-385708 // JVNDB: JVNDB-2021-004180 // CNNVD: CNNVD-202102-1702 // NVD: CVE-2021-26567

REFERENCES

url:https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa

Trust: 2.5

url:https://www.synology.com/security/advisory/synology_sa_20_26

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-26567

Trust: 1.4

sources: VULHUB: VHN-385708 // JVNDB: JVNDB-2021-004180 // CNNVD: CNNVD-202102-1702 // NVD: CVE-2021-26567

SOURCES

db: VULHUB | id: VHN-385708
db: JVNDB | id: JVNDB-2021-004180
db: CNNVD | id: CNNVD-202102-1702
db: NVD | id: CVE-2021-26567

LAST UPDATE DATE

2024-11-23T22:20:52.106000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-385708 | date: 2021-03-12T00:00:00
db: JVNDB | id: JVNDB-2021-004180 | date: 2021-11-16T06:39:00
db: CNNVD | id: CNNVD-202102-1702 | date: 2023-06-27T00:00:00
db: NVD | id: CVE-2021-26567 | date: 2024-11-21T05:56:29.997

SOURCES RELEASE DATE

db: VULHUB | id: VHN-385708 | date: 2021-02-26T00:00:00
db: JVNDB | id: JVNDB-2021-004180 | date: 2021-11-16T00:00:00
db: CNNVD | id: CNNVD-202102-1702 | date: 2021-02-26T00:00:00
db: NVD | id: CVE-2021-26567 | date: 2021-02-26T22:15:20.707