CVE-2006-0272

2006-01-1811:03:00

mitre

web.nvd.nist.gov

cve-2006-0272

oracle

database

xml

vulnerability

buffer overflow

9.2.0.7

10.1.0.4

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.927

Percentile

99.0%

JSON

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

Affected configurations

Nvd

Node

oracleoracle10gMatchenterprise_10.1.0.4

oracleoracle10gMatchpersonal_10.1.0.4

oracleoracle10gMatchstandard_10.1.0.4

oracleoracle9iMatchstandard_9.2.0.7

VendorProductVersionCPE
oracleoracle10genterprise_10.1.0.4cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*
oracleoracle10gpersonal_10.1.0.4cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*
oracleoracle10gstandard_10.1.0.4cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*
oracleoracle9istandard_9.2.0.7cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	oracle10g	enterprise_10.1.0.4	cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:::::::*
oracle	oracle10g	personal_10.1.0.4	cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:::::::*
oracle	oracle10g	standard_10.1.0.4	cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:::::::*
oracle	oracle9i	standard_9.2.0.7	cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:::::::*