CVE-2023-28507

CVE-2023-28507: Memory exhaustion in LZ4 decompression in UniRPC daemon

Vendor Rocket Software

Product UniData

Weakness CWE-400

Published March 29, 2023

Last update February 18, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.

Key dates

02Disclosure timeline

March 29, 2023 CVE published

February 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-28507 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

Identifiers

CVE CVE-2023-28507

CWE CWE-400

Affected versions

Vendor Rocket Software

Product UniData

Affected < 8.2.43.3003

Vendor Rocket Software

Product UniVerse

Affected < 11.3.5.1001

Vendor Rocket Software

Product UniVerse

Affected < 12.2.1.2002

CVE-2023-28507: Memory exhaustion in LZ4 decompression in UniRPC daemon

01Description

02Disclosure timeline

03References

04Related CVE