CVE-2017-11757
Description
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| actian | pervasive_psql | 12.10 | |
| actian | zen | 13.0 | |
References
- http://supportservices.actian.com/support-services/security-center#announcements
- https://blogs.securiteam.com/index.php/archives/2924
- https://twitter.com/SecuriTeam_SSD/status/815567538318954496
- http://supportservices.actian.com/support-services/security-center#announcements
- https://blogs.securiteam.com/index.php/archives/2924
- https://twitter.com/SecuriTeam_SSD/status/815567538318954496
CWEs
CWE-191
💬 Discuss CVE-2017-11757 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.