CVE-2023-28502

Severity: Critical · Public PoC available

Published: 29 March 2023

Modified: 18 February 2025
KEV Added: not listed
Patch: vendor updates available
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.6792 (98.6th percentile)
Risk Priority: 60 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-28502 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Rocket Software UniVerse. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 1.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 contain a stack-based buffer overflow in the udadmin service. The flaw, tracked under CWE-120 and CWE-787, carries a CVSS 3.1 score of 9.8 and permits unauthenticated remote code execution.

An attacker with network access to the UniRPC listener can send a crafted request that overflows the buffer, resulting in arbitrary code execution with root privileges on the affected server. No authentication or user interaction is required, and the attack can be performed over the network.

Public references, including Rapid7’s advisory and Packet Storm postings, point to vendor-supplied updates that remediate the issue by correcting the buffer handling in the udadmin component. Administrators are advised to upgrade UniData and UniVerse to the fixed builds listed in the vendor notices.

EPSS for the CVE rose from low values after disclosure to a peak of 0.8060 in December 2025 before receding to the current 0.6792, indicating increased exploitation interest well after the initial publication. Public proof-of-concept material has been available since shortly after the March 2023 disclosure.

Vulnerability details

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service that can lead to remote code execution as the root user.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: rocketsoftware · Product: unidata · Versions: ≤ 8.2.4
Vendor: rocketsoftware · Product: universe · Versions: ≤ 11.3.5 and 12.0.0 to 12.2.1

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-120: Platform-independent managed code eliminates the need for the unchecked native buffer copies that are the root cause of classic buffer overflows.

Addresses CWE-787: Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
