9.8

CVE-2004-1363

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleApplication Server Version9.0.2
OracleApplication Server Version9.0.2.0.0
OracleApplication Server Version9.0.2.0.1
OracleApplication Server Version9.0.2.1
OracleApplication Server Version9.0.2.2
OracleApplication Server Version9.0.2.3
OracleApplication Server Version9.0.3
OracleApplication Server Version9.0.3.1
OracleApplication Server Version9.0.4
OracleApplication Server Version9.0.4.0
OracleApplication Server Version9.0.4.1
OracleDatabase Server Version8.1.7.4
OracleDatabase Server Version9.0.1.4
OracleDatabase Server Version9.0.1.5
OracleDatabase Server Version9.0.4
OracleDatabase Server Version9.2.0.4
OracleDatabase Server Version9.2.0.5
OracleDatabase Server Version10.1.0.2
OracleE-business Suite Version11.5.1
OracleE-business Suite Version11.5.2
OracleE-business Suite Version11.5.3
OracleE-business Suite Version11.5.4
OracleE-business Suite Version11.5.5
OracleE-business Suite Version11.5.6
OracleE-business Suite Version11.5.7
OracleE-business Suite Version11.5.8
OracleE-business Suite Version11.5.9
OracleEnterprise Manager Version9
OracleEnterprise Manager Version9.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.1% 0.946
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
Broken Link
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Patch
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/10871
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
Patch
Third Party Advisory
US Government Resource
Broken Link
http://marc.info/?l=bugtraq&m=110382345829397&w=2
Mailing List
http://www.kb.cert.org/vuls/id/316206
Third Party Advisory
US Government Resource
http://www.ngssoftware.com/advisories/oracle23122004.txt
Patch
Vendor Advisory
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/18659
Third Party Advisory
VDB Entry