Buffer Overflow Vulnerability in Oracle Database XML Database Component
CVE-2006-0272

Currently unrated

Key Information:

Vendor
Oracle
Status
Oracle10g
Oracle9i
Vendor
CVE Published:
18 January 2006

Summary

A vulnerability exists in the XML Database component of Oracle Database that potentially allows for a buffer overflow through improper handling of arguments in specific database procedures, namely DBMS_XMLSCHEMA and DBMS_XMLSCHEMA_INT. This issue can be exploited via maliciously crafted long arguments in calls to XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS, which can lead to unexpected behavior or system compromise. Organizations using affected versions should implement security measures and updates to mitigate the risk.

References

http://www.integrigy.com/info/IntegrigySecurityAnalysis-C...
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
vdb-entryx_refsource_XF
http://www.red-database-security.com/advisory/oracle_cpu_...
x_refsource_MISC

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.