CVE-2023-28507

9.8 CRITICAL

📋 TL;DR

This vulnerability in Rocket Software UniData and UniVerse allows remote attackers to cause denial of service by exhausting system memory through a decompression routine. Affected systems will crash when exploited, impacting availability of database services. Organizations running vulnerable versions of these database platforms are at risk.

💻 Affected Systems

Products:
  • Rocket Software UniData
  • Rocket Software UniVerse
Versions: UniData versions prior to 8.2.4 build 3003; UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002
Operating Systems: All supported platforms for these products
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the UniRPC server component which handles remote procedure calls. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system memory exhaustion leading to database service crash and denial of service, potentially affecting multiple systems if the process forks repeatedly.

🟠 Likely Case: Targeted database service crashes causing application downtime and service disruption until systems are restarted.

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring, though service interruption may still occur if exploited.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: HIGH - Internal systems remain vulnerable to network-accessible attacks from within the network perimeter.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires network access to the UniRPC service but no authentication. Exploitation appears straightforward based on the memory exhaustion mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UniData 8.2.4 build 3003 or later; UniVerse 11.3.5 build 1001 or later, or 12.2.1 build 2002 or later

Vendor Advisory: https://www.rocketsoftware.com/support

Restart Required: Yes

Instructions:

1. Download the appropriate patched version from the Rocket Software support portal.
2. Back up the current installation and data.
3. Install the updated version following vendor documentation.
4. Restart the UniRPC service and verify functionality.

🔧 Temporary Workarounds

Network Access Restriction (Linux)

Restrict network access to the UniRPC service ports to trusted sources only:

iptables -A INPUT -p tcp --dport [UNIRPC_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [UNIRPC_PORT] -j DROP

Note: -A appends to the end of the INPUT chain, so these rules only take effect if no earlier rule already accepts traffic to that port; add one ACCEPT line per trusted source before the final DROP.

Service Disablement (Linux)

Temporarily disable the UniRPC service if it is not required for operations (substitute the actual unit name used by your installation):

systemctl stop unirpc
systemctl disable unirpc

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems from untrusted networks
  • Deploy memory monitoring and alerting to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version against the affected ranges: UniData earlier than 8.2.4 build 3003, or UniVerse earlier than 11.3.5 build 1001 or earlier than 12.2.1 build 2002 (whichever release line is installed).

Check Version:

Consult product documentation for version checking commands specific to your installation

Verify Fix Applied:

Confirm version is at or above patched versions: UniData >= 8.2.4 build 3003 or UniVerse >= 11.3.5 build 1001 or >= 12.2.1 build 2002
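One way to automate the version check above, as an added example that is not from the advisory or from Rocket Software: it assumes the version string has the shape "MAJOR.MINOR.PATCH build NNNN" (adjust the pattern to what your installation's version command prints) and matches a UniVerse install to its release line by major version.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]
Threshold = Tuple[Version, int]  # (version tuple, build number)

# Fixed builds as stated in the advisory; UniVerse has two release lines,
# each with its own fix build.
PATCHED: Dict[str, List[Threshold]] = {
    "unidata": [((8, 2, 4), 3003)],
    "universe": [((11, 3, 5), 1001), ((12, 2, 1), 2002)],
}

# Assumed version-string shape, e.g. "UniData 8.2.4 build 3003"; adapt the
# pattern to whatever the real version command prints on your system.
_VER_RE = re.compile(r"(\d+(?:\.\d+)*)\s*(?:build\s*)?(\d+)?", re.IGNORECASE)

def parse_version(text: str) -> Threshold:
    """Return (version tuple, build) from a version string; missing build -> 0."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    version = tuple(int(p) for p in m.group(1).split("."))
    build = int(m.group(2)) if m.group(2) else 0
    return version, build

def _pad(v: Version, n: int) -> Version:
    # Pad "8.2" to "8.2.0" so tuples of different length compare sensibly.
    return v + (0,) * (n - len(v))

def _threshold_for(product: str, version: Version) -> Threshold:
    """Pick the fix build for the installed release line (matched on major)."""
    lines = PATCHED[product]
    for tv, tb in lines:
        if tv[0] == version[0]:
            return tv, tb
    # No matching line: compare against the oldest fix, so older majors are
    # flagged vulnerable and newer majors compare as fixed.
    return lines[0]

def is_vulnerable(product: str, text: str) -> bool:
    """True if the installed version/build is below the fix for its line."""
    version, build = parse_version(text)
    tv, tb = _threshold_for(product.lower(), version)
    n = max(len(version), len(tv))
    # A lower version is vulnerable regardless of build; an equal version
    # is vulnerable only while its build is below the fix build.
    return (_pad(version, n), build) < (_pad(tv, n), tb)
```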

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory consumption patterns
  • Process crashes of UniRPC service
  • Repeated connection attempts to UniRPC ports

Network Indicators:

  • Multiple connections to UniRPC service ports from single sources
  • Unusual traffic patterns to database service ports

SIEM Query:

source="unirpc.log" AND ("out of memory" OR "crash" OR "segmentation fault")
