CVE-2017-11757

Name of the Vulnerable Software and Affected Versions Actian Pervasive PSQL version 12.10 Actian Zen version 13

Description The issue is a heap-based buffer overflow that allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. This occurs after the Server-Client encryption-key exchange. The problem stems from an integer underflow that results in a zero-byte allocation. The srvLnaConnectMP1 function is affected.

Recommendations For Actian Pervasive PSQL version 12.10, update to a version that fixes the integer underflow issue to prevent the heap-based buffer overflow. For Actian Zen version 13, update to a version that fixes the integer underflow issue to prevent the heap-based buffer overflow. As a temporary workaround, consider restricting access to TCP port 1583 to minimize the risk of exploitation.