Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4517Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle Database Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
49.9%
top 2.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Oracle Database Server
Timeline
PublishedNov 8
Latest updateMay 1

Description

Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

NVDoracle/database_serverrelease_2

🔴Vulnerability Details

2
GHSA
GHSA-x2vh-w9hq-99wj: Buffer overflow in the XDB2022-05-01
CVEList
CVE-2007-4517: Buffer overflow in the XDB2007-11-08

💥Exploits & PoCs

1
Exploit-DB
Oracle - xdb.xdb_pitrig_pkg.PITRIG_DROPMETADATA procedure2011-11-07
CVE-2007-4517 — Oracle Database Server vulnerability | cvebase