Arcserve Unified Data Protection Heap-Based Buffer Overflow Vulnerability Allowing Pre-Authentication Remote Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the input parsing logic of Arcserve Unified Data Protection (UDP). It affects all UDP versions prior to 10.2 and can be triggered without authentication by sending specially crafted input to a target system. The flaw stems from improper bounds checking: attacker-controlled input is written past the end of a heap allocation, which can crash the affected service or allow remote code execution. No user interaction is required, and any code that runs does so with the privileges of the affected process, so a successful attack poses a high risk of full compromise.
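To make the bug class concrete, the following is an added illustration and is not Arcserve code: the advisory does not disclose UDP's wire format or parser, so the length-prefixed record format, the 64-byte heap buffer and every function name here are assumptions. It shows a parser that trusts an attacker-supplied length field as the size of a copy into a fixed-size heap allocation, next to a version that validates the length against both the bytes actually received and the destination capacity before allocating or copying.

```c
/* Added illustration of the heap-overflow class described above. Hypothetical
 * parser and wire format (2-byte big-endian length, then payload); NOT Arcserve
 * UDP code, whose real format and parser are not disclosed in the advisory. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RECORD_MAX 64   /* assumed capacity of the heap buffer the parser allocates */

typedef struct {
    uint8_t *data;   /* heap buffer of RECORD_MAX bytes */
    size_t   len;    /* payload bytes stored in it */
} record_t;

static uint16_t read_be16(const uint8_t *p) {
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* VULNERABLE (deliberately): the length field is attacker-controlled and is used
 * as the copy size without being compared to the heap chunk's capacity or to the
 * number of bytes actually received. A length above RECORD_MAX overwrites whatever
 * follows the chunk on the heap; a length above the received size also reads past
 * the input buffer. */
int vuln_parse(const uint8_t *msg, size_t msg_len, record_t *out) {
    if (msg_len < 2) return -1;
    uint16_t len = read_be16(msg);
    out->data = malloc(RECORD_MAX);
    if (!out->data) return -1;
    memcpy(out->data, msg + 2, len);       /* missing bounds check */
    out->len = len;
    return 0;
}

/* HARDENED: reject before allocating or copying. Both checks are needed: the
 * first stops an over-read of the input, the second stops the heap over-write. */
int safe_parse(const uint8_t *msg, size_t msg_len, record_t *out) {
    if (msg_len < 2) return -1;
    uint16_t len = read_be16(msg);
    if ((size_t)len > msg_len - 2) return -2;   /* claims more bytes than received */
    if (len > RECORD_MAX) return -3;            /* would not fit the destination */
    out->data = malloc(RECORD_MAX);
    if (!out->data) return -1;
    memcpy(out->data, msg + 2, len);
    out->len = len;
    return 0;
}

void record_free(record_t *r) { free(r->data); r->data = NULL; r->len = 0; }

/* Constructed test messages (not captured traffic). */
static const uint8_t GOOD_MSG[]  = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Header claims 0x0200 = 512 bytes but only 5 follow. */
static const uint8_t SHORT_MSG[] = { 0x02, 0x00, 'h', 'e', 'l', 'l', 'o' };

/* Runs `parser` on one message; returns the stored payload length on success or
 * the parser's negative status on rejection. */
int parse_probe(int (*parser)(const uint8_t *, size_t, record_t *),
                const uint8_t *msg, size_t msg_len) {
    record_t r = { NULL, 0 };
    int rc = parser(msg, msg_len, &r);
    int result = (rc == 0) ? (int)r.len : rc;
    record_free(&r);
    return result;
}

/* Builds a self-consistent 102-byte record whose 100-byte payload is larger than
 * RECORD_MAX: safe_parse rejects it with -3; vuln_parse would write 36 bytes past
 * the end of its 64-byte heap chunk, so only pass vuln_parse here under
 * AddressSanitizer to see the heap-buffer-overflow report. */
int oversize_probe(int (*parser)(const uint8_t *, size_t, record_t *)) {
    uint8_t msg[2 + 100];
    msg[0] = 0x00; msg[1] = 100;
    memset(msg + 2, 'A', 100);
    return parse_probe(parser, msg, sizeof msg);
}

int main(void) {
    printf("safe_parse  good record      -> %d\n", parse_probe(safe_parse, GOOD_MSG, sizeof GOOD_MSG));
    printf("safe_parse  truncated record -> %d\n", parse_probe(safe_parse, SHORT_MSG, sizeof SHORT_MSG));
    printf("safe_parse  oversize record  -> %d\n", oversize_probe(safe_parse));
    printf("vuln_parse  good record      -> %d\n", parse_probe(vuln_parse, GOOD_MSG, sizeof GOOD_MSG));
    /* oversize_probe(vuln_parse): heap-based buffer overflow; compile with
     * -fsanitize=address to observe it instead of silent heap corruption. */
    return 0;
}
```

The hardened parser performs both comparisons before calling malloc, so a malformed record is rejected without any allocation or copy taking place; this is the shape of fix a patch for this bug class normally takes, and the reason the check against received length matters as much as the check against capacity.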

Impact

Successful exploitation of this vulnerability allows for arbitrary code execution in the context of the affected process.

Remediation

Upgrade to Arcserve UDP 10.2, which contains the fix. Patches are also available for the supported branches 8.0 through 10.1. UDP 7.x and earlier are unsupported and receive no patch; those deployments should upgrade to UDP 10.2. Because the flaw is reachable without authentication, installations that expose UDP services to untrusted networks should be patched first.

Added: Aug 27, 2025, 10:17 PM
Updated: Aug 27, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm
spread          4.5
impact          7.5
exploitability  7.8
remediation     7.7
relevance       0.4
threat          0.0
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.