CVE-2017-11757

Published: Jul 31, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.

Affected (2)

Products: Actian: Pervasive Psql, Zen

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Actian Pervasive Psql	Version 12.10

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Actian Zen	Version 13.0

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (6)

http://supportservices.actian.com/support-services/security-center#announcements

Source: cve@mitre.org

Vendor Advisory

https://blogs.securiteam.com/index.php/archives/2924

Source: cve@mitre.org

ExploitThird Party Advisory

https://twitter.com/SecuriTeam_SSD/status/815567538318954496

Source: cve@mitre.org

Third Party Advisory

http://supportservices.actian.com/support-services/security-center#announcements

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://blogs.securiteam.com/index.php/archives/2924

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://twitter.com/SecuriTeam_SSD/status/815567538318954496

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.