PT-2025-34949 · Arcserve · Arcserve Unified Data Protection

Watchtowr · Published 2025-08-27 · Updated 2026-05-26 · CVE-2025-34523

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Arcserve Unified Data Protection (UDP) versions prior to 10.2
Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1
Arcserve Unified Data Protection (UDP) versions 7.x and earlier

Description: A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). The flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. A remote attacker can send specially crafted data to corrupt heap memory, potentially causing a denial of service or enabling arbitrary code execution depending on the memory layout and exploitation techniques used. No user interaction is required, and exploitation occurs in the context of the vulnerable process.

Recommendations:
Arcserve Unified Data Protection (UDP) versions prior to 10.2: Upgrade to version 10.2 to remediate the issue.
Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1: Apply the necessary patch or upgrade to version 10.2.
Arcserve Unified Data Protection (UDP) versions 7.x and earlier: Upgrade to version 10.2 to remediate the issue.

Fix

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-34523

Affected Products

Arcserve Unified Data Protection