CVE-2001-0974

3 documents3 sources

Severity

7.5HIGH

EPSS

2.7%

top 14.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Internet Directory

Timeline

PublishedJul 17

Latest updateApr 30

Description

Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/internet_directory2.1.1, 3.0.1+1

Patches

Patch: www.cert.org ↗Patch: www.ciac.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-qc9w-9p8v-48fv: Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2↗2022-04-30

▶

CVEList

CVE-2001-0974: Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2↗2002-02-02

▶