CVE-2003-0222

CWE-119Buffer Overflow3 documents3 sources
Severity
9.0CRITICAL
EPSS
12.5%
top 6.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle Database ServerOracle Oracle8iOracle Oracle9i
Timeline
PublishedMay 12
Latest updateApr 29

Description

Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages3 packages

NVDoracle/database_server14 versions+13
NVDoracle/oracle8i9 versions+8
NVDoracle/oracle9i8 versions+7

Patches

Patch: otn.oracle.comPatch: www.securityfocus.comPatch: otn.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-g7v6-fr79-9h7f: Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via2022-04-29
CVEList
CVE-2003-0222: Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via2003-04-30