Vulnerabilities > CVE-2017-11757 - Integer Underflow (Wrap or Wraparound) vulnerability in Actian Pervasive Psql and ZEN
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
References
- http://supportservices.actian.com/support-services/security-center#announcements
- http://supportservices.actian.com/support-services/security-center#announcements
- https://blogs.securiteam.com/index.php/archives/2924
- https://blogs.securiteam.com/index.php/archives/2924
- https://twitter.com/SecuriTeam_SSD/status/815567538318954496
- https://twitter.com/SecuriTeam_SSD/status/815567538318954496