Incorrect Calculation of Buffer Size

CVE-2004-1363

High

9.8/10

Summary

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-131 - Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References

Advisory Timeline

Published Aug 04, 2004

Incorrect Calculation of Buffer Size

CVE-2004-1363

Summary

CWE-131 - Incorrect Calculation of Buffer Size

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS