Vulnerability Description
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Progress | DataDirect ODBC Oracle Wire Protocol Driver | < 08.02.2770 |
References
- https://community.progress.com/s/article/Security-vulnerabilities-in-DataDirect- (Vendor Advisory)
- https://progress.com (Product)
FAQ
What is CVE-2023-34364?
CVE-2023-34364 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated...
How severe is CVE-2023-34364?
CVE-2023-34364 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-34364?
Check the references section above for vendor advisories and patch information. Affected products include: Progress DataDirect ODBC Oracle Wire Protocol Driver.