CVE-2006-0272

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Oracle9i
Vendor: CVE Published:; 18 January 2006

Summary

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

References

http://www.integrigy.com/info/IntegrigySecurityAnalysis-C...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/24321

vdb-entryx_refsource_XF

http://www.red-database-security.com/advisory/oracle_cpu_...

x_refsource_MISC

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 18, 2006
Vulnerability Reserved
Jan 18, 2006