CVE-2023-28502— Stack buffer overflow in UniRPC's udadmin_server service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-28502
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stack buffer overflow in UniRPC's udadmin_server service
Source: NVD (National Vulnerability Database)
Vulnerability Description
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rocket Software UniData 和 UniVerse 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rocket Software UniVerse和Rocket Software UniData都是美国Rocket Software公司的产品。Rocket Software UniVerse是一套现在由 Rocket Software 拥有的数据库管理和支持软件。Rocket Software UniData是一个 MultiValue 应用程序平台。用于从 Rocket Software 开发快速、灵活和安全的应用程序。 Rocket Software UniData 8.2.4 build 300
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rocket Software | UniData | 0 ~ 8.2.43.3003 | - | |
| Rocket Software | UniVerse | 0 ~ 11.3.5.1001 | - |
II. Public POCs for CVE-2023-28502
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-28502
请登录查看更多情报信息。
Same Patch Batch · Rocket Software · 2023-03-29 · 9 CVEs total
| CVE-2023-28501 | Heap buffer overflow in unirpcd | |
| CVE-2023-28503 | Authentication bypass in UniRPC's udadmin service | |
| CVE-2023-28504 | Stack buffer overflow in UniRPC library function | |
| CVE-2023-28505 | Buffer overflow in UniRPC library function | |
| CVE-2023-28506 | Stack buffer overflow in UniRPC service | |
| CVE-2023-28507 | Memory exhaustion in LZ4 decompression in UniRPC daemon | |
| CVE-2023-28508 | Heap corruption in UniRPC service | |
| CVE-2023-28509 | Weak encryption in UniRPC protocol |
IV. Related Vulnerabilities
Same vendor: Rocket Software
Same weakness: CWE-120
- CVE-2026-8260
D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings - CVE-2026-8137
Totolink X5000R formDdns sub_458E40 buffer overflow - CVE-2026-6691
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow - CVE-2026-7857
D-Link DI-8100 CGI user_group.asp sprintf buffer overflow - CVE-2026-7856
D-Link DI-8100 Web Management url_member.asp buffer overflow
V. Comments for CVE-2023-28502
No comments yet