Buffer Overflow Vulnerability in Oracle Database 9i and 10g
CVE-2004-1371

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Oracle8i; Oracle9i; Database Server
Vendor: CVE Published:; 4 August 2004

What is CVE-2004-1371?

A stack-based buffer overflow vulnerability exists in Oracle Database versions 9i and 10g. This flaw permits remote attackers to execute arbitrary code by sending a specially crafted long token within the text of a wrapped procedure. It highlights a significant risk allowing potential exploitations that could compromise the integrity and confidentiality of the database, leading to unauthorized access or control over the system.

References

http://www.ngssoftware.com/advisories/oracle23122004J.txt

x_refsource_MISC

http://marc.info/?l=bugtraq&m=110382570313035&w=2

mailing-listx_refsource_BUGTRAQ

http://www.kb.cert.org/vuls/id/316206

third-party-advisoryx_refsource_CERT-VN

EPSS Score

32% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jan 7, 2005
Vulnerability published
Aug 4, 2004