CVE-2004-0638

Oracle 8i 8.1.7.4 and 9i 9.0.1.4-9.0.1.5 and 9.2.0.3-9.2.0.4 - Authenticated Buffer Overflow in KSDWRTB Function

Title source: llm
STIX 2.1

Description

Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17254
Patch, Vendor Advisory third-party-advisory x_refsource_idefense
http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11100
Patch, Vendor Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html

Scores

EPSS 0.0663
EPSS Percentile 93.1%

Details

CWE
CWE-119
Status published
Products (14)
oracle/oracle8i enterprise_8.1.7.4
oracle/oracle8i standard_8.1.7.4
oracle/oracle9i enterprise_9.0.1.4
oracle/oracle9i enterprise_9.0.1.5
oracle/oracle9i enterprise_9.2.0.3
oracle/oracle9i enterprise_9.2.0.4
oracle/oracle9i personal_9.0.1.4
oracle/oracle9i personal_9.0.1.5
oracle/oracle9i personal_9.2.0.3
oracle/oracle9i personal_9.2.0.4
... and 4 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026