What is CVE-2017-5789?

CVE-2017-5789 is a critical-severity vulnerability in Hp Loadrunner, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-10-11.

How severe is CVE-2017-5789?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Hp Loadrunner

CVE-2017-5789

HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer ov…

Vulnerability class: Buffer Overflow

EPSS: 0.339 (97.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Hp Loadrunner
Hp Performance_center
N/a Hpe Loadrunner And Performance Center — versions HPE LoadRunner and Performance Center

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security-alert@hpe.com (Third Party Advisory, x_refsource_MISC)
security-alert@hpe.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
security-alert@hpe.com (x_refsource_CONFIRM, Vendor Advisory)
security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security-alert@hpe.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-5789?: CVE-2017-5789 is a critical-severity vulnerability in Hp Loadrunner, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-10-11.
How severe is CVE-2017-5789?: Critical severity. CVSS v3 base score is 9.8 out of 10.