CVE Record: CVE-2023-28507

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.

CWE 1 Total

CWE-400: CWE-400 Uncontrolled Resource Consumption

Product Status

Versions 1 Total

Default Status: unaffected

affected

Versions 2 Total

Default Status: unaffected

affected

Credits

Ron Bowes finder

References 1 Total

https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/
external site
third-party-advisory

Updated: 2024-08-02

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/
external site
third-party-advisoryx_transferred

Authorized Data Publishers