Synology-SA-18:61 Magellan

Publish Time: 2018-12-18 11:58:48 UTC+8

Last Updated: 2018-12-22 11:28:05 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

Magellan vulnerability allows remote authenticated users to conduct denial-of-service attacks or possibly execute arbitrary code via a susceptible version of Synology products.

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Moderate Ongoing
DSM 6.1 Moderate Pending
DSM 5.2 Moderate Pending
SkyNAS Moderate Pending
VS960HD Moderate Ongoing
SRM 1.2 Moderate Ongoing
Active Backup Moderate Ongoing
Download Station Moderate Ongoing
Log Center Moderate Ongoing
Mail Server Moderate Ongoing
MailPlus Moderate Ongoing
MailPlus Server Moderate Ongoing
Python 3 Moderate Ongoing
Surveillance Station Moderate Ongoing
Synology Application Service Moderate Ongoing
Universal Search Moderate Ongoing
iOS Chat Moderate Ongoing
iOS MailPlus Moderate Ongoing
iOS DS Note Moderate Ongoing
iOS LiveCam Moderate Ongoing
iOS Cloud Moderate Ongoing
iOS Drive Moderate Ongoing
iOS Moments Moderate Ongoing
Android Chat Moderate Ongoing
Android MailPlus Moderate Ongoing
Android DS file Moderate Ongoing
Android DS finder Moderate Ongoing
Android DS note Moderate Ongoing
Android DS get Moderate Ongoing
Android DS audio Moderate Ongoing
Android Cloud Moderate Ongoing
Android DS photo Moderate Ongoing
Android DS video Moderate Ongoing
Android Drive Moderate Ongoing
Android Moments Moderate Ongoing

Mitigation

None

Detail

  • CVE-2018-20346
    • Severity: Moderate
    • CVSS3 Base Score: 6.3
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
    • SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Reference

Revision

Revision Date Description
1 2018-12-18 Initial public release.
2 2018-12-22 Disclosed vulnerability details.