CVE-2004-1371

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.0CRITICAL

EPSS

32.4%

top 3.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server Oracle Collaboration Suite Oracle Database Server +7 more

Timeline

PublishedAug 4

Latest updateApr 29

Description

Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages10 packages

▶NVDoracle/oracle8i19 versions+18

▶NVDoracle/oracle9i36 versions+35

▶NVDoracle/oracle10g6 versions+5

▶NVDoracle/database_server9i_application_server

▶NVDoracle/e-business_suite9 versions+8

Patches

Patch: www.ngssoftware.com ↗Patch: www.oracle.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-v4v5-xmrp-3656: Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure↗2022-04-29

▶

CVEList

CVE-2004-1371: Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure↗2005-01-19

▶