CVE-2007-5897Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle Database Server

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
8.5HIGHNVD
CNA7.5
EPSS
3.2%
top 12.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedNov 8
Latest updateMay 1

Description

Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

NVDoracle/database_server9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-cf38-5cmw-7r2h: Buffer overflow in MDSYS2022-05-01
CVEList
CVE-2007-5897: Buffer overflow in MDSYS2007-11-08
CVE-2007-5897 — Oracle Database Server vulnerability | cvebase