CVE-2023-28502

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Rocket Software UniData versions prior to 8.2.4 build 3003 Rocket Software UniVerse versions prior to 11.3.5 build 1001 Rocket Software UniVerse versions prior to 12.2.1 build 2002

Description The issue is related to a stack-based buffer overflow in the udadmin service, which can lead to remote code execution as the root user. This allows a remote attacker to execute arbitrary code.

Recommendations For Rocket Software UniData versions prior to 8.2.4 build 3003, update to version 8.2.4 build 3003 or later. For Rocket Software UniVerse versions prior to 11.3.5 build 1001, update to version 11.3.5 build 1001 or later. For Rocket Software UniVerse versions prior to 12.2.1 build 2002, update to version 12.2.1 build 2002 or later. As a temporary workaround, consider disabling the udadmin service until a patch is available.

Exploit

Fix

Buffer Overflow

Memory Corruption

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120CWE-787CWE-121

Related Identifiers

BDU:2023-07456

CVE-2023-28502

Affected Products

Unidata

Universe

CVE-2023-28502

Weakness Enumeration

Related Identifiers

Affected Products

References · 9