What is CVE-2023-28502?

CVE-2023-28502 is a vulnerability in Rocket Software Unidata, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2023-03-29.

Is CVE-2023-28502 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Rocket Software Unidata

CVE-2023-28502

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as t…

Vulnerability class: Buffer Overflow

EPSS: 0.679 (98.6th percentile) — read the EPSS interpretation.

Affected products

Rocket Software Unidata — versions 0
Rocket Software Universe — versions 0

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2023-28502?: CVE-2023-28502 is a vulnerability in Rocket Software Unidata, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2023-03-29.
Is CVE-2023-28502 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.