CVE-2004-1363

EPSS 27.66%
Veröffentlicht 04.08.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Application Server

Oracle ≫ Application Server Version9.0.2

Oracle ≫ Application Server Version9.0.2.0.0

Oracle ≫ Application Server Version9.0.2.0.1

Oracle ≫ Application Server Version9.0.2.1

Oracle ≫ Application Server Version9.0.2.2

Oracle ≫ Application Server Version9.0.2.3

Oracle ≫ Application Server Version9.0.3

Oracle ≫ Application Server Version9.0.3.1

Oracle ≫ Application Server Version9.0.4

Oracle ≫ Application Server Version9.0.4.0

Oracle ≫ Application Server Version9.0.4.1

Oracle ≫ Collaboration Suite Version-

Oracle ≫ Database Server Version8.1.7.4

Oracle ≫ Database Server Version9.0.1.4

Oracle ≫ Database Server Version9.0.1.5

Oracle ≫ Database Server Version9.0.4

Oracle ≫ Database Server Version9.2.0.4

Oracle ≫ Database Server Version9.2.0.5

Oracle ≫ Database Server Version10.1.0.2

Oracle ≫ E-business Suite Version11.5.1

Oracle ≫ E-business Suite Version11.5.2

Oracle ≫ E-business Suite Version11.5.3

Oracle ≫ E-business Suite Version11.5.4

Oracle ≫ E-business Suite Version11.5.5

Oracle ≫ E-business Suite Version11.5.6

Oracle ≫ E-business Suite Version11.5.7

Oracle ≫ E-business Suite Version11.5.8

Oracle ≫ E-business Suite Version11.5.9

Oracle ≫ Enterprise Manager Version9

Oracle ≫ Enterprise Manager Version9.0.1

Oracle ≫ Enterprise Manager Database Control Version10.1.2

Oracle ≫ Enterprise Manager Grid Control Version10.1.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	27.66%	0.96

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-131 Incorrect Calculation of Buffer Size

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1

Broken Link

http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

Patch

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/10871

Patch

Third Party Advisory

Broken Link

VDB Entry

http://www.us-cert.gov/cas/techalerts/TA04-245A.html

Patch

Third Party Advisory

US Government Resource

Broken Link

http://marc.info/?l=bugtraq&m=110382345829397&w=2

Mailing List

http://www.kb.cert.org/vuls/id/316206

Third Party Advisory

US Government Resource

http://www.ngssoftware.com/advisories/oracle23122004.txt

Patch

Vendor Advisory

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/18659

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2004-1363

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1363

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1363

EUVD