Lucene search
Rapid7CVELIST:CVE-2023-28507HistoryMar 29, 2023 - 8:15 p.m.
CVE-2023-28507 Memory exhaustion in LZ4 decompression in UniRPC daemon
2023-03-2920:15:41
CWE-400
rapid7
www.cve.org
cve-2023-28507
unidata
universe
memory exhaustion
decompression
unirpc daemon
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "UniData",
"vendor": "Rocket Software",
"versions": [
{
"lessThan": "8.2.43.3003",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "UniVerse",
"vendor": "Rocket Software",
"versions": [
{
"lessThan": "11.3.5.1001",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "12.2.1.2002",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2023-28507
2023-03-29 21:15:08
nvd
nvd
CVE-2023-28507
2023-03-29 21:15:08
prion
prion
Design/Logic Flaw
2023-03-29 21:15:00
rapid7blog
rapid7blog
Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)
2023-03-29 15:21:09