----‑--‑-- · --:--:-- UTCLIVE

Powered by data from 22+ sources — NVD, cve.org, EPSS, CISA KEV, OSV, GHSA, MITRE ATT&CK, and more.

CVE-2004-1363

Critical

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name,…

mitre·CWE-131·Published 2004-08-04

CVSS

9.8

EPSS

0.09

KEV

No

Exploits

0

Vendor statements (1)

sunsolve.sun.com

cve.orgen

193 chars

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

NVDen

193 chars

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

CVSS metrics across sources

2

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.2	3.9	10.0	AV:L/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H