
NVD:CVE-2023-34364
History: Jun 09, 2023 - 7:15 a.m.

CVE-2023-34364

2023-06-09 07:15:10
CWE-787
web.nvd.nist.gov
3
buffer overflow
progress datadirect
odbc
oracle
connection string
code execution

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8
Confidence: High

EPSS: 0.003
Percentile: 69.4%

A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.

Affected configurations

Nvd
Node: progress datadirect_odbc_oracle_wire_protocol_driver
Range: <08.02.2770

Vendor: progress
Product: datadirect_odbc_oracle_wire_protocol_driver
Version: *
CPE: cpe:2.3:a:progress:datadirect_odbc_oracle_wire_protocol_driver:*:*:*:*:*:*:*:*
