Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.
References
Link | Resource |
---|---|
http://supportservices.actian.com/support-services/security-center#announcements | Vendor Advisory |
https://blogs.securiteam.com/index.php/archives/2924 | Exploit Third Party Advisory |
https://twitter.com/SecuriTeam_SSD/status/815567538318954496 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-07-31 14:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-11757
Mitre link : CVE-2017-11757
CVE.ORG link : CVE-2017-11757
JSON object : View
Products Affected
actian
- pervasive_psql
- zen
CWE
CWE-191
Integer Underflow (Wrap or Wraparound)