PT-2023-21764 · Rocket · Unidata+1
Ron Bowes
·
Published
2023-03-29
·
Updated
2023-04-06
·
CVE-2023-28501
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Rocket Software UniData versions prior to 8.2.4 build 3003
Rocket Software UniVerse versions prior to 11.3.5 build 1001
Rocket Software UniVerse versions prior to 12.2.1 build 2002
Description
The issue is a heap-based buffer overflow in the unirpcd daemon. If successfully exploited, it can lead to remote code execution as the root user.
Recommendations
For Rocket Software UniData versions prior to 8.2.4 build 3003, update to version 8.2.4 build 3003 or later.
For Rocket Software UniVerse versions prior to 11.3.5 build 1001, update to version 11.3.5 build 1001 or later.
For Rocket Software UniVerse versions prior to 12.2.1 build 2002, update to version 12.2.1 build 2002 or later.
As a temporary workaround, consider disabling the unirpcd daemon until a patch is available.
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unidata
Universe