Vulnerability Description
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rocketsoftware | Unidata | <= 8.2.4 |
| Rocketsoftware | Universe | <= 11.3.5 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-s (Third Party Advisory)
FAQ
What is CVE-2023-28506?
CVE-2023-28506 is a vulnerability with a CVSS score of 8.8 (HIGH). Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied int...
How severe is CVE-2023-28506?
CVE-2023-28506 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-28506?
Check the references section above for vendor advisories and patch information. Affected products include: Rocketsoftware Unidata, Rocketsoftware Universe, Linux Linux Kernel.