CVE-2023-28505

EPSS 0.25%
Veröffentlicht 29.03.2023 21:15:08
Zuletzt bearbeitet 18.02.2025 16:15:15
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rocketsoftware ≫ Unidata Version <= 8.2.4

Linux ≫ Linux Kernel Version-

Rocketsoftware ≫ Universe Version <= 11.3.5

Linux ≫ Linux Kernel Version-

Rocketsoftware ≫ Universe Version >= 12.0.0 <= 12.2.1

Linux ≫ Linux Kernel Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28505

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28505

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28505

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28505