VDB
CVE-2002-0965
CVE-2002-0965
PUBLISHED
KEV
CVSS 7.5 HIGH
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
EPSS 74.65% · 98.9th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
74.65%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | oracle9i | 9.0, 9.0.1, 9.0.2 |
| n/a | n/a | n/a |
Timeline
- CVE Published
- Nov 24, 2010 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- VU#630091 third-party-advisory
- http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf url
- 4845 vdb
- 20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A) mailing-list
- oracle-listener-servicename-bo(9288) vdb
- 20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A) mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2002-0965 advisory