Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2003-0096

Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.

  • Published: Mar 3, 2003
  • Updated: Apr 13, 2023
  • CVE: CVE-2003-0096
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9
  • AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

Software From Fixed in
oracle / oracle9i 9.0.1 9.0.1.x
oracle / oracle9i 9.0.2 9.0.2.x
oracle / oracle9i 9.0 9.0.x
oracle / database_server 9.2.1 9.2.1.x
oracle / oracle8i 8.1.7.1 8.1.7.1.x
oracle / oracle8i 8.1.7 8.1.7.x
oracle / oracle9i 9.0.1.3 9.0.1.3.x
oracle / oracle9i 9.0.1.2 9.0.1.2.x
oracle / database_server 9.2.2 9.2.2.x
oracle / database_server 8.0.6 8.0.6.x