CVE-2023-28506

CVE-2023-28506: Stack buffer overflow in UniRPC service

Vendor Rocket Software
Product UniData
Weakness CWE-120
Published March 29, 2023
Last update February 18, 2025

CVSS base score

What the vulnerability does

01Description

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit.

Key dates

02Disclosure timeline

March 29, 2023 CVE published
February 18, 2025 Record updated