CVE-2010-0071

Oracle Database <11.1.0.7 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0071. PoCs published by Dennis Yurichev.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in Oracle Database Listener (CVE-2010-0071) by sending malformed TNS protocol packets to trigger a crash in the Listener process. It does not achieve RCE but demonstrates a reliable DoS condition.

Description

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dennis Yurichev · pythondosmultiple

https://www.exploit-db.com/exploits/33506

View Code ZIP pw:eip

This exploit targets a memory corruption vulnerability in Oracle Database Listener (CVE-2010-0071) by sending malformed TNS protocol packets to trigger a crash in the Listener process. It does not achieve RCE but demonstrates a reliable DoS condition.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Oracle Database (9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7)

No auth needed

Prerequisites: Network access to Oracle Listener (port 1521)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA10-012A.html

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html

Scores

EPSS 0.0983

EPSS Percentile 94.9%

Details

Status published

Products (5)

oracle/database_server 9.2.0.8

oracle/database_server 9.2.0.8dv

oracle/database_server 10.1.0.5

oracle/database_server 10.2.0.4

oracle/database_server 11.1.0.7

Published Jan 13, 2010

Tracked Since Feb 18, 2026