Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3336

5 documents4 sources
Severity
10.0CRITICAL
EPSS
29.7%
top 3.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Ingres Database Server
Timeline
PublishedJun 22
Latest updateMay 1

Description

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDingres/database_server4 versions+3

Patches

Patch: supportconnectw.ca.comPatch: supportconnectw.ca.com

🔴Vulnerability Details

2
GHSA
GHSA-q782-hgfx-w6cc: Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 92022-05-01
CVEList
CVE-2007-3336: Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 92007-06-22

💥Exploits & PoCs

2
Exploit-DB
CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities (PoC)2010-08-14
Exploit-DB
Ingress Database Server 2.6 - Multiple Remote Vulnerabilities2007-06-21
CVE-2007-3336 (CRITICAL CVSS 10) | Multiple "pointer overwrite" vulner | cvebase.io