Vulnerabilities > CVE-2023-34364 - Out-of-bounds Write vulnerability in Progress Datadirect Odbc Oracle Wire Protocol Driver

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

progress

CWE-787

critical

NVD

Published: 2023-06-09

Updated: 2023-06-21

Summary

A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.

Vulnerable Configurations

Part	Description	Count
Application	Progress Progress Datadirect Odbc Oracle Wire Protocol Driver -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://progress.com
https://community.progress.com/s/article/Security-vulnerabilities-in-DataDirect-ODBC-Oracle-Wire-Protocol-driver-June-2023