Skip to main content

Incorrect Calculation of Buffer Size

CVE-2004-1363

Severity High
Score 9.8/10

Summary

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-131 - Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References

Advisory Timeline

  • Published