Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0941Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle Database Server

4 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.8%
top 26.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Database Server
Timeline
PublishedNov 30
Latest updateApr 30

Description

Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDoracle/database_server4 versions+3

Patches

Patch: otn.oracle.comPatch: otn.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-vcqj-cmgh-j5h7: Buffer overflow in dbsnmp in Oracle 82022-04-30
CVEList
CVE-2001-0941: Buffer overflow in dbsnmp in Oracle 82002-02-02

💥Exploits & PoCs

1
Exploit-DB
Oracle 8/9i - DBSNMP Oracle Home Environment Variable Buffer Overflow2001-08-02
CVE-2001-0941 — Oracle Database Server vulnerability | cvebase