PT-2023-2330 · Rocket · Unidata+1

Ron Bowes · Published 2023-03-29 · Updated 2023-04-06 · CVE-2023-28505

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Rocket Software UniData versions prior to 8.2.4 build 3003
Rocket Software UniVerse versions prior to 11.3.5 build 1001
Rocket Software UniVerse versions prior to 12.2.1 build 2002

Description

An API function of Rocket Software UniData and UniVerse copies a string into a caller-provided buffer without checking the length, which results in a buffer overflow. A remote attacker with a valid login can exploit this, potentially allowing the execution of arbitrary code.

Recommendations

For Rocket Software UniData versions prior to 8.2.4 build 3003, update to version 8.2.4 build 3003 or later.
For Rocket Software UniVerse versions prior to 11.3.5 build 1001, update to version 11.3.5 build 1001 or later.
For Rocket Software UniVerse versions prior to 12.2.1 build 2002, update to version 12.2.1 build 2002 or later.
As a temporary workaround, consider restricting access to the vulnerable API function until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-02095
CVE-2023-28505

Affected Products

Unidata
Universe