Buffer Overflow in Oracle 10g MD2 Package
CVE-2004-1774

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Application Server
Vendor: CVE Published:; 31 August 2004

Summary

A buffer overflow vulnerability exists in the SDO_CODE_SIZE procedure of the MD2 package in Oracle 10g. This flaw allows local users to potentially execute arbitrary code by exploiting a long LAYER parameter. Users are advised to upgrade to at least version 10.1.0.2 Patch 2 to mitigate the risk posed by this vulnerability.

References

http://www.appsecinc.com/resources/alerts/oracle/2004-0001/

x_refsource_MISC

http://www.securiteam.com/securitynews/5CP010KE0W.html

x_refsource_MISC

http://lists.grok.org.uk/pipermail/full-disclosure/2004-S...

mailing-listx_refsource_FULLDISC

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Apr 19, 2005
Vulnerability published
Aug 31, 2004