CVE-2003-0096

CWE-119 — Buffer Overflow5 documents5 sources

Severity

9.0CRITICAL

EPSS

46.3%

top 2.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server Oracle Oracle8i Oracle Oracle9i

Timeline

PublishedMar 3

Latest updateApr 29

Description

Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages3 packages

▶NVDoracle/database_server8.0.6, 9.2.1, 9.2.2+2

▶NVDoracle/oracle8i8.1.7, 8.1.7.1+1

▶NVDoracle/oracle9i5 versions+4

🔴Vulnerability Details

GHSA

GHSA-q3h7-99f2-hhfv: Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8↗2022-04-29

▶

CVEList

CVE-2003-0096: Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8↗2003-02-21

▶

📋Vendor Advisories

Red Hat

mod_python remote DoS↗2004-01-22

▶

💬Community

Bugzilla

CVE-2004-0096 mod_python remote DoS↗2008-01-28

▶