CVE-2003-0095

CWE-119: Buffer Overflow
3 documents, 3 sources
Severity: 10.0 CRITICAL
EPSS: 54.4% (top 1.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 3; Latest update Apr 29

Description

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (3 packages)

NVD: oracle/database_server: 8.0.6, 9.2.1, 9.2.2 (+2)
NVD: oracle/oracle8i: 8.1.7, 8.1.7.1 (+1)
NVD: oracle/oracle9i: 5 versions (+4)

Patches

Vulnerability Details (2)

GHSA: GHSA-7q6h-c5j5-5wfm: Buffer overflow in ORACLE (2022-04-29)
CVEList: CVE-2003-0095: Buffer overflow in ORACLE (2004-09-01)