Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0833 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle Database Server

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.4%

top 36.89%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Database Server

Timeline

PublishedDec 6

Latest updateApr 30

Description

Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/database_server9.0.1+2

Patches

Patch: otn.oracle.com ↗Patch: otn.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-3cfx-pw87-g2gg: Buffer overflow in otrcrep in Oracle 8↗2022-04-30

▶

CVEList

CVE-2001-0833: Buffer overflow in otrcrep in Oracle 8↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

Oracle OTRCREP Oracle 8/9 - Home Environment Variable Buffer Overflow↗2001-08-02

▶