Critical severity9.8NVD Advisory· Published Jul 31, 2017· Updated May 13, 2026

CVE-2017-11757

Description

Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected.

Affected products

Actian/Pervasive Psql
cpe:2.3:a:actian:pervasive_psql:12.10:*:*:*:*:*:*:*
Actian/Zen
cpe:2.3:a:actian:zen:13.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blogs.securiteam.com/index.php/archives/2924nvdExploitThird Party Advisory
supportservices.actian.com/support-services/security-centernvdVendor Advisory
twitter.com/SecuriTeam_SSD/status/815567538318954496nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000