VDB
CVE-2006-0272
CVE-2006-0272
PUBLISHED
CVSS 9 CRITICAL
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.
EPSS 25.71% · 96.4th percentile
Risk Scores
CVSS 2.0
9
EPSS Score
25.71%
96.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | oracle9i | standard_9.2.0.7 |
| oracle | oracle10g | enterprise_10.1.0.4, personal_10.1.0.4, standard_10.1.0.4 |
| n/a | n/a | n/a |
Timeline
- CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jun 13, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf url
- oracle-january2006-update(24321) vdb
- http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html url
- 20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT} mailing-list
- 18493 third-party-advisory
- ADV-2006-0323 vdb
- 16287 vdb
- TA06-018A third-party-advisory
- VU#545804 third-party-advisory
- 1015499 vdb
- ADV-2006-0243 vdb
- http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html url
- 18608 third-party-advisory
- VU#891644 third-party-advisory
- http://www.argeniss.com/research/ARGENISS-ADV-010601.txt url
- oracle-xdbdbmx-xmlschema-bo(24376) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2006-0272 advisory