Buffer Overflow Vulnerability in Oracle 9i and 8i Database Products
CVE-2003-0096

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Database Server; Oracle8i
Vendor: CVE Published:; 3 March 2003

Summary

Multiple buffer overflow vulnerabilities exist within the Oracle Database, particularly affecting versions 9i and 8i. Attackers can exploit these vulnerabilities through crafted inputs to specific database functions, including TO_TIMESTAMP_TZ, TZ_OFFSET, and BFILENAME. By supplying excessively long strings as arguments, malicious users have the potential to execute arbitrary code remotely, compromising the integrity of the database system and possibly the broader network.

References

http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf

x_refsource_CONFIRM

http://www.nextgenss.com/advisories/ora-tmstmpbo.txt

x_refsource_MISC

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/...

mailing-listx_refsource_VULNWATCH

EPSS Score

46% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 3, 2003
Vulnerability Reserved
Feb 18, 2003