CVE-2006-5344
🟠 Łataj w tym tygodniu
Wielokrotne nieokreślone podatności w Oracle Spatial mogą prowadzić do zdalnego wykonania kodu.
CVSS
9.0
EPSS
10.5%
Exploit
none
Vendor
oracle
Opis źródłowy (NVD)
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER.
buffer-overflow sql-injection
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 10.5% |
| Opublikowano (NVD) | 2006-10-18 01:07:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-23 00:35:47 UTC |
Referencje
- http://secunia.com/advisories/22396 (cve@mitre.org) [Vendor Advisory]
- http://securitytracker.com/id?1017077 (cve@mitre.org)
- http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf (cve@mitre.org)
- http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html (cve@mitre.org)
- http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html (cve@mitre.org)
- http://www.securityfocus.com/archive/1/449110/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/archive/1/449711/100/0/threaded (cve@mitre.org)
- http://www.securityfocus.com/bid/20588 (cve@mitre.org) [Patch]
- http://www.us-cert.gov/cas/techalerts/TA06-291A.html (cve@mitre.org) [US Government Resource]
- http://www.vupen.com/english/advisories/2006/4065 (cve@mitre.org) [Vendor Advisory]