Vulnerability Description
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Actian | Pervasive Psql | 12.10 |
| Actian | Zen | 13.0 |
Related Weaknesses (CWE)
References
- http://supportservices.actian.com/support-services/security-center#announcementsVendor Advisory
- https://blogs.securiteam.com/index.php/archives/2924ExploitThird Party Advisory
- https://twitter.com/SecuriTeam_SSD/status/815567538318954496Third Party Advisory
- http://supportservices.actian.com/support-services/security-center#announcementsVendor Advisory
- https://blogs.securiteam.com/index.php/archives/2924ExploitThird Party Advisory
- https://twitter.com/SecuriTeam_SSD/status/815567538318954496Third Party Advisory
FAQ
What is CVE-2017-11757?
CVE-2017-11757 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client e...
How severe is CVE-2017-11757?
CVE-2017-11757 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-11757?
Check the references section above for vendor advisories and patch information. Affected products include: Actian Pervasive Psql, Actian Zen.