CVE-2004-1363

EPSS 27.66%
Published 04.08.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Application Server

Oracle ≫ Application Server Version9.0.2

Oracle ≫ Application Server Version9.0.2.0.0

Oracle ≫ Application Server Version9.0.2.0.1

Oracle ≫ Application Server Version9.0.2.1

Oracle ≫ Application Server Version9.0.2.2

Oracle ≫ Application Server Version9.0.2.3

Oracle ≫ Application Server Version9.0.3

Oracle ≫ Application Server Version9.0.3.1

Oracle ≫ Application Server Version9.0.4

Oracle ≫ Application Server Version9.0.4.0

Oracle ≫ Application Server Version9.0.4.1

Oracle ≫ Collaboration Suite Version-

Oracle ≫ Database Server Version8.1.7.4

Oracle ≫ Database Server Version9.0.1.4

Oracle ≫ Database Server Version9.0.1.5

Oracle ≫ Database Server Version9.0.4

Oracle ≫ Database Server Version9.2.0.4

Oracle ≫ Database Server Version9.2.0.5

Oracle ≫ Database Server Version10.1.0.2

Oracle ≫ E-business Suite Version11.5.1

Oracle ≫ E-business Suite Version11.5.2

Oracle ≫ E-business Suite Version11.5.3

Oracle ≫ E-business Suite Version11.5.4

Oracle ≫ E-business Suite Version11.5.5

Oracle ≫ E-business Suite Version11.5.6

Oracle ≫ E-business Suite Version11.5.7

Oracle ≫ E-business Suite Version11.5.8

Oracle ≫ E-business Suite Version11.5.9

Oracle ≫ Enterprise Manager Version9

Oracle ≫ Enterprise Manager Version9.0.1

Oracle ≫ Enterprise Manager Database Control Version10.1.2

Oracle ≫ Enterprise Manager Grid Control Version10.1.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	27.66%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1

Broken Link

http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

Patch

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/10871

Patch

Third Party Advisory

Broken Link

VDB Entry

http://www.us-cert.gov/cas/techalerts/TA04-245A.html

Patch

Third Party Advisory

US Government Resource

Broken Link

http://marc.info/?l=bugtraq&m=110382345829397&w=2

Mailing List

http://www.kb.cert.org/vuls/id/316206

Third Party Advisory

US Government Resource

http://www.ngssoftware.com/advisories/oracle23122004.txt

Patch

Vendor Advisory

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/18659

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2004-1363

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1363

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1363

EUVD