CVE Vulnerabilities

CVE-2004-1774

Published: Aug 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

Affected Software

Name Vendor Start Version End Version
Application_server Oracle 10.1.0.2 10.1.0.2
Oracle10g Oracle enterprise_10.1.0.2 enterprise_10.1.0.2
Oracle10g Oracle personal_10.1.0.2 personal_10.1.0.2
Oracle10g Oracle standard_10.1.0.2 standard_10.1.0.2

References