CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-5344

Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.139

EPSS Ranking 93.9%

CVSS Severity

CVSS v2 Score 9.0

References

Products affected by CVE-2006-5344

Oracle » Database Server » Version: 10.1.0.4

cpe:2.3:a:oracle:database_server:10.1.0.4
Oracle » Database Server » Version: 8.1.7.4

cpe:2.3:a:oracle:database_server:8.1.7.4
Oracle » Database Server » Version: 9.0.1.5

cpe:2.3:a:oracle:database_server:9.0.1.5
Oracle » Database Server » Version: 9.2.0.7

cpe:2.3:a:oracle:database_server:9.2.0.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-5344

Products

Pricing

Contact Us