CVE-2003-0222: Buffer Overflow
First published: Wed Apr 30 2003(Updated: )
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Database | =8.0.5.1 | |
| Oracle 8i | =8.0x | |
| Oracle Oracle9i | =9.0.1 | |
| Oracle Oracle9i | =9.0.2 | |
| Oracle 8i | =8.0.6 | |
| Oracle Database | =8.1.7 | |
| Oracle Database | =8.1.5 | |
| Oracle Oracle9i | =9.0 | |
| Oracle 8i | =8.1.6 | |
| Oracle Database | =7.3.3 | |
| Oracle Database | =8.1.6 | |
| Oracle 8i | =8.1.5 | |
| Oracle Oracle9i | =9.0.1.2 | |
| Oracle Oracle9i | =9.0.1.3 | |
| Oracle Database | =8.0.2 | |
| Oracle Database | =9.2.1 | |
| Oracle 8i | =8.1.7 | |
| Oracle 8i | =8.1.7.1 | |
| Oracle Database | =8.0.3 | |
| Oracle Database | =8.0.4 | |
| Oracle Database | =9.2.2 | |
| Oracle 8i | =8.1.7.4 | |
| Oracle 8i | =8.1x | |
| Oracle Oracle9i | =9.2.0.1 | |
| Oracle Oracle9i | =9.2.0.2 | |
| Oracle Database | =8.0.5 | |
| Oracle 8i | =8.0.6.3 | |
| Oracle Database | =7.3.4 | |
| Oracle Database | =8.0.6 | |
| Oracle Database | =8.0.1 | |
| Oracle Oracle9i | =9.0.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-0222?
CVE-2003-0222 is classified as a high severity vulnerability due to its potential for causing arbitrary code execution.
How do I fix CVE-2003-0222?
To fix CVE-2003-0222, it is recommended to apply the latest patches and updates from Oracle for the affected database versions.
Which Oracle Database versions are affected by CVE-2003-0222?
CVE-2003-0222 affects Oracle Database Server 9i release 2 and earlier, including versions 8.0.x, 8.1.x, and Oracle 8i.
What types of attacks are possible due to CVE-2003-0222?
CVE-2003-0222 could allow attackers to execute arbitrary code through specially crafted "CREATE DATABASE LINK" queries.
Is it possible to mitigate CVE-2003-0222 if I cannot apply the patch immediately?
While applying patches is the best approach, temporary mitigation may include restricting database access and monitoring for suspicious activity.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/tags
- agent/softwarecombine
- vendor/oracle
- canonical/oracle database
- version/oracle database/8.0.5.1
- canonical/oracle 8i
- version/oracle 8i/8.0x
- canonical/oracle oracle9i
- version/oracle oracle9i/9.0.1
- version/oracle oracle9i/9.0.2
- version/oracle 8i/8.0.6
- version/oracle database/8.1.7
- version/oracle database/8.1.5
- version/oracle oracle9i/9.0
- version/oracle 8i/8.1.6
- version/oracle database/7.3.3
- version/oracle database/8.1.6
- version/oracle 8i/8.1.5
- version/oracle oracle9i/9.0.1.2
- version/oracle oracle9i/9.0.1.3
- version/oracle database/8.0.2
- version/oracle database/9.2.1
- version/oracle 8i/8.1.7
- version/oracle 8i/8.1.7.1
- version/oracle database/8.0.3
- version/oracle database/8.0.4
- version/oracle database/9.2.2
- version/oracle 8i/8.1.7.4
- version/oracle 8i/8.1x
- version/oracle oracle9i/9.2.0.1
- version/oracle oracle9i/9.2.0.2
- version/oracle database/8.0.5
- version/oracle 8i/8.0.6.3
- version/oracle database/7.3.4
- version/oracle database/8.0.6
- version/oracle database/8.0.1
- version/oracle oracle9i/9.0.1.4