Buffer Overflow Vulnerabilities in Oracle Database 9i by Oracle
CVE-2003-1208

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i
Vendor: CVE Published:; 3 December 2004

Summary

Multiple buffer overflow issues exist in Oracle Database 9i prior to version 9.2.0.3. Local users can exploit these vulnerabilities by setting the TIME_ZONE session parameter with excessively long values or by providing lengthy parameters to the NUMTOYMINTERVAL, NUMTODSINTERVAL, and FROM_TZ functions. Successful exploitation could allow local users to execute arbitrary code on the affected systems, posing significant security risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/15060

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/399806

third-party-advisoryx_refsource_CERT-VN

http://www.osvdb.org/3840

vdb-entryx_refsource_OSVDB

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
May 19, 2005
Vulnerability published
Dec 3, 2004