CVE-2004-0638

CWE-119 — Buffer Overflow3 documents3 sources

Severity

8.5HIGH

EPSS

17.2%

top 4.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Oracle8i Oracle Oracle9i

Timeline

PublishedDec 31

Latest updateApr 29

Description

Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages2 packages

▶NVDoracle/oracle8ienterprise_8.1.7.4, standard_8.1.7.4+1

▶NVDoracle/oracle9i12 versions+11

Patches

Patch: archives.neohapsis.com ↗Patch: www.idefense.com ↗Patch: www.red-database-security.com ↗

🔴Vulnerability Details

GHSA

GHSA-r987-86mv-x265: Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system↗2022-04-29

▶

CVEList

CVE-2004-0638: Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system↗2005-01-19

▶