CVE-2023-51368

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.

We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Qts	Qnap	5.1.0.2348-build_20230325 (including)	5.1.0.2348-build_20230325 (including)
Qts	Qnap	5.1.0.2399-build_20230515 (including)	5.1.0.2399-build_20230515 (including)
Qts	Qnap	5.1.0.2418-build_20230603 (including)	5.1.0.2418-build_20230603 (including)
Qts	Qnap	5.1.0.2444-build_20230629 (including)	5.1.0.2444-build_20230629 (including)
Qts	Qnap	5.1.0.2466-build_20230721 (including)	5.1.0.2466-build_20230721 (including)
Qts	Qnap	5.1.1.2491-build_20230815 (including)	5.1.1.2491-build_20230815 (including)
Qts	Qnap	5.1.2.2533-build_20230926 (including)	5.1.2.2533-build_20230926 (including)
Qts	Qnap	5.1.3.2578-build_20231110 (including)	5.1.3.2578-build_20231110 (including)
Qts	Qnap	5.1.4.2596-build_20231128 (including)	5.1.4.2596-build_20231128 (including)
Qts	Qnap	5.1.5.2645-build_20240116 (including)	5.1.5.2645-build_20240116 (including)
Qts	Qnap	5.1.5.2679-build_20240219 (including)	5.1.5.2679-build_20240219 (including)

Potential Mitigations

References

https://www.qnap.com/en/security-advisory/qsa-24-20

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-51368
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References