Buffer Overflow Vulnerability in Progress DataDirect Connect for ODBC
CVE-2023-34364

9.8CRITICAL

Key Information:

Vendor: Progress
Status: Datadirect Odbc Oracle Wire Protocol Driver
Vendor: CVE Published:; 9 June 2023

What is CVE-2023-34364?

A vulnerability has been identified in Progress DataDirect Connect for ODBC that enables a buffer overflow through an excessively large value provided in certain connection string options. This flaw may allow attackers to exploit the buffer overrun to execute arbitrary code on the affected system. Proper validation and accommodation for connection string data sizes are necessary to mitigate risks associated with unauthorized code execution.

References

https://progress.com

https://community.progress.com/s/article/Security-vulnera...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2023
Vulnerability Reserved
Jun 2, 2023