Vulnerability Details : CVE-2003-0222
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
Vulnerability category: Overflow, Execute code
Threat overview for CVE-2003-0222
Top open port discovered on systems with this issue: 1521
IPs affected by CVE-2003-0222: 104
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2003-0222
Probability of exploitation activity in the next 30 days: 34.92%
Percentile, the proportion of vulnerabilities that are scored at or less: ~97%
CVSS scores for CVE-2003-0222
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
CWE ids for CVE-2003-0222
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-0222
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11885
- http://marc.info/?l=ntbugtraq&m=105163376015735&w=2
- http://www.securityfocus.com/bid/7453 (Patch; Vendor Advisory)
- http://www.ciac.org/ciac/bulletins/n-085.shtml
- http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf (Patch; Vendor Advisory)
- http://marc.info/?l=bugtraq&m=105162831008176&w=2
Products affected by CVE-2003-0222
- cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.1x:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle8i:8.0x:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*