
Cloud Vulnerability DB
A community-led vulnerabilities database
A stack-based buffer overflow vulnerability (CVE-2023-28504) was discovered in Rocket Software's UniData and UniVerse products. It affects UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002. The flaw is reachable before authentication and resides in the U_rep_rpc_server_submain function of libunidata.so (NVD, Rapid7 Blog).
The vulnerability is classified as a stack-based buffer overflow (CWE-787) in the U_rep_rpc_server_submain function within libunidata.so. It is rated CRITICAL, with a CVSS v3.1 Base Score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), which places it in the highest severity band (NVD).
If successfully exploited, this vulnerability can lead to remote code execution with root user privileges. The high severity score reflects this impact: an attacker could gain complete control over the affected system (Rapid7 Blog).
Rocket Software has released patches to address this vulnerability. Users are strongly advised to upgrade to UniData version 8.2.4 build 3003, UniVerse version 11.3.5 build 1001, or UniVerse version 12.2.1 build 2002, depending on their product version (Rapid7 Blog).
Source: This report was generated using AI