CVE-2007-5897

Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.

Published: Nov 8, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5897
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
oracle / database_server	10.1.0.3	10.1.0.3.x
oracle / database_server	-	-
oracle / database_server	9.2.0.1	9.2.0.1.x
oracle / database_server	9.2.0.4	9.2.0.4.x
oracle / database_server	10.1.0.2	10.1.0.2.x
oracle / database_server	9.2.0.2	9.2.0.2.x
oracle / database_server	9.2.0.6	9.2.0.6.x
oracle / database_server	9.2.0.3	9.2.0.3.x
oracle / database_server	10.1.0.4	10.1.0.4.x
oracle / database_server	9.2.0.5	9.2.0.5.x

Vulnerability Database

CVE-2007-5897