Lucene search
Rapid7CVELIST:CVE-2023-28505HistoryMar 29, 2023 - 8:12 p.m.
CVE-2023-28505 Buffer overflow in UniRPC library function
2023-03-2920:12:24
CWE-120
rapid7
www.cve.org
cve-2023-28505
buffer overflow
unirpc library
rocket software unidata
universe
api function
login-required exploit
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "UniData",
"vendor": "Rocket Software",
"versions": [
{
"lessThan": "8.2.43.3003",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "UniVerse",
"vendor": "Rocket Software",
"versions": [
{
"lessThan": "11.3.5.1001",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "12.2.1.2002",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2023-28505
2023-03-29 21:15:08
prion
prion
Buffer overflow
2023-03-29 21:15:00
nvd
nvd
CVE-2023-28505
2023-03-29 21:15:08
rapid7blog
rapid7blog
Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)
2023-03-29 15:21:09