CVE-2017-11757

Published: 31 Jul 2017
Source: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS: Low

Description

Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.

Vulnerable configurations

Configuration 1
cpe:2.3:a:actian:pervasive_psql:12.10:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:actian:zen:13.0:*:*:*:*:*:*:*

EPSS

Percentile: 87%
0.03545
Low

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

CWE-191

Related vulnerabilities

CVSS3: 9.8
github
more than 3 years ago

Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.