CVE-2004-0638

Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0638
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
oracle / oracle8i	standard_8.1.7.4	standard_8.1.7.4.x
oracle / oracle9i	standard_9.0.1.4	standard_9.0.1.4.x
oracle / oracle9i	personal_9.0.1.5	personal_9.0.1.5.x
oracle / oracle9i	standard_9.2.0.3	standard_9.2.0.3.x
oracle / oracle9i	enterprise_9.2.0.4	enterprise_9.2.0.4.x
oracle / oracle9i	enterprise_9.0.1.5	enterprise_9.0.1.5.x
oracle / oracle9i	standard_9.2.0.4	standard_9.2.0.4.x
oracle / oracle9i	personal_9.2.0.4	personal_9.2.0.4.x
oracle / oracle9i	enterprise_9.2.0.3	enterprise_9.2.0.3.x
oracle / oracle9i	personal_9.0.1.4	personal_9.0.1.4.x
oracle / oracle9i	personal_9.2.0.3	personal_9.2.0.3.x
oracle / oracle9i	standard_9.0.1.5	standard_9.0.1.5.x
oracle / oracle8i	enterprise_8.1.7.4	enterprise_8.1.7.4.x
oracle / oracle9i	enterprise_9.0.1.4	enterprise_9.0.1.4.x

Vulnerability Database

289,697

CVE-2004-0638