CVE-2023-28502

CVSS V2 None CVSS V3 None

Description

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.

Overview

CVE ID
CVE-2023-28502

Assigner
cve@rapid7.con

Vulnerability Status
Modified

Published Version
2023-03-29T21:15:08

Last Modified Date
2023-04-12T19:15:08

Weakness Enumerations

CWE	URL
CWE-787	http://cwe.mitre.org/data/definitions/787.html
CWE-120	http://cwe.mitre.org/data/definitions/120.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
		AND
cpe:2.3:a:rocketsoftware:unidata::::::::	1	OR		8.2.4
cpe:2.3:a:rocketsoftware:universe::::::::	1	OR		11.3.5
cpe:2.3:a:rocketsoftware:universe::::::::	1	OR	12.0.0	12.2.1
cpe:2.3:o:linux:linux_kernel:-:::::::*	0	OR

References

Reference URL	Reference Tags
http://packetstormsecurity.com/files/171853/Rocket-Software-Unidata-8.2.4-Build-3003-Buffer-Overflow.html
https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-28502
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28502

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 03:53:52				Added to TrackCVE
2023-04-17 03:53:55			Weakness Enumeration	new