{"cve":{"cve_id":"CVE-2023-32970","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00501,"epss_percentile":0.38902,"epss_as_of":"2026-06-23","description":"A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\nQES is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2453 build 20230708 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\n","published_at":"2023-10-13T19:16:18.592000Z","last_modified_at":null,"cvss_v3_score":4.9,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-476"],"nvd_references":["https://www.qnap.com/en/security-advisory/qsa-23-41"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:31:23.274887Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"qts","product_name":"QTS","version_start":"5.1.x","version_start_inclusive":true,"version_end":"5.1.0.2444 build 20230629","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:qts:5.1.x:5.1.0.2444 build 20230629"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"qts","product_name":"QTS","version_start":"4.5.x","version_start_inclusive":true,"version_end":"4.5.4.2467 build 20230718","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:qts:4.5.x:4.5.4.2467 build 20230718"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"qutscloud","product_name":"QuTScloud","version_start":"c5.x","version_start_inclusive":true,"version_end":"c5.1.0.2498","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:qutscloud:c5.x:c5.1.0.2498"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"quts-hero","product_name":"QuTS hero","version_start":"h5.0.x","version_start_inclusive":true,"version_end":"h5.0.1.2515 build 20230907","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:quts-hero:h5.0.x:h5.0.1.2515 build 20230907"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"quts-hero","product_name":"QuTS hero","version_start":"h5.1.x","version_start_inclusive":true,"version_end":"h5.1.0.2453 build 20230708","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:quts-hero:h5.1.x:h5.1.0.2453 build 20230708"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"quts-hero","product_name":"QuTS hero","version_start":"h4.5.x","version_start_inclusive":true,"version_end":"h4.5.4.2476 build 20230728","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:quts-hero:h4.5.x:h4.5.4.2476 build 20230728"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-23-41","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2023-10-13T19:16:18.592000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:28:26.600560Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:28:26.600560Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:28:26.600560Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:31:23.274887Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:31:23.274887Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:31:23.274887Z","label":"SSVC decision revised","source":"vulnrichment"}]}