Stack-based Buffer Overflow in Oracle Database Server 9i by Oracle
CVE-2003-0222

Currently unrated

Key Information:

Vendor: Oracle
Status: Database Server; Oracle8i; Oracle9i
Vendor: CVE Published:; 12 May 2003

Badges

👾 Exploit Exists🟣 EPSS 30%

Summary

A stack-based buffer overflow exists in the Oracle Net Services component of Oracle Database Server 9i release 2 and earlier versions. This vulnerability can be exploited by attackers through a specially crafted 'CREATE DATABASE LINK' query that includes a lengthy USING parameter in the connect string, potentially leading to the execution of arbitrary code. Organizations using affected versions should review their security policies and apply necessary patches or updates to mitigate the risk.

References

http://marc.info/?l=bugtraq&m=105162831008176&w=2

mailing-listx_refsource_BUGTRAQ

http://www.ciac.org/ciac/bulletins/n-085.shtml

third-party-advisorygovernment-resourcex_refsource_CIAC

https://exchange.xforce.ibmcloud.com/vulnerabilities/11885

vdb-entryx_refsource_XF

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
Jan 7, 2019
👾
Exploit known to exist
Jan 7, 2019
Vulnerability published
May 12, 2003
Vulnerability Reserved
Apr 29, 2003