9 matches found
CVE-2023-28505
CVE-2023-28505 affects Rocket Software UniData (pre-8.2.4 build 3003) and UniVerse (pre-11.3.5 build 1001, pre-12.2.1 build 2002). It describes a buffer overflow in an API function that copies a string into a caller-provided buffer without length checking, requiring a valid login to exploit. Conn...
CVE-2023-28502
CVE-2023-28502 affects Rocket Software UniData/UniVerse: stack-based buffer overflow in the udadmin_server RPC service (and related UniRPC components) permitting remote code execution as root on Linux. Affected versions include UniData <= 8.2.4 build 3003 and UniVerse
CVE-2023-28508
CVE-2023-28508 is a heap-based overflow affecting Rocket Software UniData (pre-8.2.4 build 3003) and UniVerse (pre-11.3.5 build 1001 or pre-12.2.1 build 2002). The issue arises in the UniRPC stack (unirpcd and related components): input handling in the RPC packet body can overflow the heap when a...
CVE-2023-28501
CVE-2023-28501 affects Rocket Software UniData (pre-8.2.4 build 3003) and UniVerse (pre-11.3.5 build 1001 or pre-12.2.1 build 2002). The root cause is a heap-based buffer overflow in the unirpcd daemon, enabling remote code execution as root if exploited. Connected sources document a pre-authenti...
CVE-2023-28509
CVE-2023-28509 affects Rocket Software UniData/UniVerse, where packet-level security and on-wire passwords are protected with weak encryption. Affected versions: UniData < 8.2.4 build 3003; UniVerse < 11.3.5 build 1001; UniVerse
CVE-2023-28503
CVE-2023-28503 describes an authentication bypass in Rocket Software UniData/UniVerse UniRPC stack. The root cause is a flaw in libunidata.so and related RPC services that lets an attacker authenticate as a legitimate Linux user using a special username (:local:) and a deterministic, encoded pass...
CVE-2023-28504
CVE-2023-28504 describes a pre-authentication stack-buffer overflow in Rocket Software UniData/UniVerse components (libunidata.so) via the UniRPC server and related services. The issue, tied to U_rep_rpc_server_submain() and related code paths, can allow remote code execution as root without auth...
CVE-2023-28506
CVE-2023-28506 is a stack-based buffer overflow in Rocket Software UniRPC-related components affecting UniData before 8.2.4 build 3003 and UniVerse before 11.3.5 build 1001 or 12.2.1 build 2002. The root cause is copying a string into a stack buffer using a memcpy-like routine with a user-supplie...
CVE-2023-28507
CVE-2023-28507 describes a memory-exhaustion issue in Rocket Software UniData/UniVerse: the LZ4 decompression in the UniRPC daemon (unirpcd) can allocate increasing memory until allocation failure. Affected products are UniData < 8.2.4 build 3003 and UniVerse < 11.3.5 build 1001 or