Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0965Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle Oracle9i

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
73.6%
top 1.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Oracle9i
Timeline
PublishedOct 4
Latest updateApr 30

Description

Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDoracle/oracle9i9.0, 9.0.1, 9.0.2+2

Patches

Patch: otn.oracle.comPatch: www.securityfocus.comPatch: otn.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-wrvr-c9gh-23qc: Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via2022-04-30
CVEList
CVE-2002-0965: Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via2003-04-02

💥Exploits & PoCs

1
Exploit-DB
Oracle 8i - TNS Listener SERVICE_NAME Buffer Overflow (Metasploit)2010-11-24