CVE-2023-28507

EPSS 0.92%
Veröffentlicht 29.03.2023 21:15:08
Zuletzt bearbeitet 18.02.2025 15:15:14
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

Memory exhaustion in LZ4 decompression in UniRPC daemon

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rocketsoftware ≫ Unidata Version <= 8.2.4

Linux ≫ Linux Kernel Version-

Rocketsoftware ≫ Universe Version <= 11.3.5

Linux ≫ Linux Kernel Version-

Rocketsoftware ≫ Universe Version >= 12.0.0 <= 12.2.1

Linux ≫ Linux Kernel Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.92%	0.557

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-28507

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28507

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28507

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28507