CVE-2004-1363
Description
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
27.664
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affect Oracle 9.0.1.5 | Windows |
| Multiple vulnerabilities affect Oracle 9.2.0.5 | Windows |
| Multiple vulnerabilities affect Oracle 10.1.0.2 | Windows |
| Vulnerabilities CVE-2004-1363, CVE-2004-2345, CVE-2005-0298, CVE-2006-1884 affect Oracle 9.0.1.4 | Windows |
| Vulnerabilities CVE-2004-1363, CVE-2005-0298 affect Oracle 9.0.4 | Windows |
| Vulnerabilities CVE-2004-1363, CVE-2004-2345, CVE-2005-0298, CVE-2007-5897 affect Oracle 9.2.0.4 | Windows |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234