Vulnerabilities > CVE-2017-11757 - Integer Underflow (Wrap or Wraparound) vulnerability in Actian Pervasive Psql and ZEN

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
actian
CWE-191
critical

Summary

Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.

Vulnerable Configurations

Part Description Count
Application
Actian
2

Common Weakness Enumeration (CWE)