=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN579
_____________________________________________________________________

DATE                : 03/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running BeeDrive for desktop versions
                     prior to 1.3.2-13814.

=====================================================================
https://www.synology.com/en-global/security/advisory/Synology_SA_24_26
_____________________________________________________________________

Synology-SA-24:26 BeeDrive for desktop

Publish Time: 2024-11-26 18:21:36 UTC+8

Last Updated: 2026-05-27 16:27:19 UTC+8

Severity       Important

Status       Resolved


Abstract

A vulnerability allows local users to execute arbitrary code.

A vulnerability allows local users to conduct denial-of-service attacks.


Affected Products

Product 	Severity 	Fixed Release Availability
BeeDrive for desktop 	Important 	Upgrade to 1.3.2-13814 or above.


Mitigation

None

Detail

    CVE-2023-52945
        Severity: Important
        CVSS3 Base Score: 7.8
        CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
        CWE-427: Uncontrolled Search Path Element
        Uncontrolled search path element vulnerability in OpenSSL DLL
        component in Synology BeeDrive for desktop before 1.3.2-13814 allows
        local users to execute arbitrary code via unspecified vectors.

    CVE-2024-11399
        Severity: Moderate
        CVSS3 Base Score: 6.8
        CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
        CWE-552: Files or Directories Accessible to External Parties
        Files or directories accessible to external parties vulnerability in
        redis-server component in Synology BeeDrive for desktop before
        1.3.2-13814 allows local users to conduct denial-of-service attacks
        via unspecified vectors.


Acknowledgement

    Bocheng Xiang with FDU(@crispr)

    Zhao Runzi (赵润梓)


Reference

    CVE-2023-52945
    CVE-2024-11399


Revision

Revision 	Date 	Description
1 	2024-11-26 	Initial public release.
2 	2026-05-27 	Disclosed vulnerability details.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




