CVE-2006-1868 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle Database Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

7.5HIGHNVD

EPSS

14.3%

top 5.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedApr 20

Latest updateMay 1

Description

Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/database_server10.1.0.4

Patches

Patch: securitytracker.com ↗Patch: www.kb.cert.org ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-px4p-8cpc-27j4: Buffer overflow in the Advanced Replication component in Oracle Database Server 10↗2022-05-01

▶

CVEList

CVE-2006-1868: Buffer overflow in the Advanced Replication component in Oracle Database Server 10↗2006-04-20

▶