9

CVE-2004-1371

Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

Data is provided by the National Vulnerability Database (NVD)
OracleApplication Server Version9.0.2
OracleApplication Server Version9.0.2.0.0
OracleApplication Server Version9.0.2.0.1
OracleApplication Server Version9.0.2.1
OracleApplication Server Version9.0.2.2
OracleApplication Server Version9.0.2.3
OracleApplication Server Version9.0.3
OracleApplication Server Version9.0.3.1
OracleApplication Server Version9.0.4
OracleApplication Server Version9.0.4.0
OracleApplication Server Version9.0.4.1
OracleCollaboration Suite Versionrelease_1
OracleDatabase Server Version9i_application_server
OracleE-business Suite Version11.5.1
OracleE-business Suite Version11.5.2
OracleE-business Suite Version11.5.3
OracleE-business Suite Version11.5.4
OracleE-business Suite Version11.5.5
OracleE-business Suite Version11.5.6
OracleE-business Suite Version11.5.7
OracleE-business Suite Version11.5.8
OracleE-business Suite Version11.5.9
OracleEnterprise Manager Version9
OracleEnterprise Manager Version9.0.1
OracleOracle10g Versionenterprise_9.0.4_.0
OracleOracle10g Versionenterprise_10.1.0.2
OracleOracle10g Versionpersonal_9.0.4_.0
OracleOracle10g Versionpersonal_10.1_.0.2
OracleOracle10g Versionstandard_9.0.4_.0
OracleOracle10g Versionstandard_10.1_.0.2
OracleOracle8i Versionenterprise_8.0.5_.0.0
OracleOracle8i Versionenterprise_8.0.6_.0.0
OracleOracle8i Versionenterprise_8.0.6_.0.1
OracleOracle8i Versionenterprise_8.1.5_.0.0
OracleOracle8i Versionenterprise_8.1.5_.0.2
OracleOracle8i Versionenterprise_8.1.5_.1.0
OracleOracle8i Versionenterprise_8.1.6_.0.0
OracleOracle8i Versionenterprise_8.1.6_.1.0
OracleOracle8i Versionenterprise_8.1.7_.0.0
OracleOracle8i Versionenterprise_8.1.7_.1.0
OracleOracle8i Versionenterprise_8.1.7_.4
OracleOracle8i Versionstandard_8.0.6
OracleOracle8i Versionstandard_8.0.6_.3
OracleOracle8i Versionstandard_8.1.5
OracleOracle8i Versionstandard_8.1.6
OracleOracle8i Versionstandard_8.1.7
OracleOracle8i Versionstandard_8.1.7_.0.0
OracleOracle8i Versionstandard_8.1.7_.1
OracleOracle8i Versionstandard_8.1.7_.4
OracleOracle9i Versionclient_9.2.0.1
OracleOracle9i Versionclient_9.2.0.2
OracleOracle9i Versionenterprise_8.1.7
OracleOracle9i Versionenterprise_9.0.1
OracleOracle9i Versionenterprise_9.0.1.4
OracleOracle9i Versionenterprise_9.0.1.5
OracleOracle9i Versionenterprise_9.2.0
OracleOracle9i Versionenterprise_9.2.0.1
OracleOracle9i Versionenterprise_9.2.0.2
OracleOracle9i Versionenterprise_9.2.0.3
OracleOracle9i Versionenterprise_9.2.0.4
OracleOracle9i Versionenterprise_9.2.0.5
OracleOracle9i Versionpersonal_8.1.7
OracleOracle9i Versionpersonal_9.0.1
OracleOracle9i Versionpersonal_9.0.1.4
OracleOracle9i Versionpersonal_9.0.1.5
OracleOracle9i Versionpersonal_9.2
OracleOracle9i Versionpersonal_9.2.0.1
OracleOracle9i Versionpersonal_9.2.0.2
OracleOracle9i Versionpersonal_9.2.0.3
OracleOracle9i Versionpersonal_9.2.0.4
OracleOracle9i Versionpersonal_9.2.0.5
OracleOracle9i Versionstandard_8.1.7
OracleOracle9i Versionstandard_9.0
OracleOracle9i Versionstandard_9.0.1
OracleOracle9i Versionstandard_9.0.1.2
OracleOracle9i Versionstandard_9.0.1.3
OracleOracle9i Versionstandard_9.0.1.4
OracleOracle9i Versionstandard_9.0.1.5
OracleOracle9i Versionstandard_9.0.2
OracleOracle9i Versionstandard_9.2
OracleOracle9i Versionstandard_9.2.0.1
OracleOracle9i Versionstandard_9.2.0.2
OracleOracle9i Versionstandard_9.2.0.3
OracleOracle9i Versionstandard_9.2.0.4
OracleOracle9i Versionstandard_9.2.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 32.44% 0.964
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.us-cert.gov/cas/techalerts/TA04-245A.html
Patch
Third Party Advisory
US Government Resource