CVE-2006-0272

2006-01-1811:03:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2006-0272

oracle

database

xml

vulnerability

buffer overflow

9.2.0.7

10.1.0.4

nvd

6.8 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.927 High

EPSS

Percentile

99.0%

JSON

Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

CPENameOperatorVersion
oracle:oracle10goracle oracle10geqenterprise_10.1.0.4
oracle:oracle10goracle oracle10geqstandard_10.1.0.4
oracle:oracle9ioracle oracle9ieqstandard_9.2.0.7
oracle:oracle10goracle oracle10geqpersonal_10.1.0.4

CPE	Name	Operator	Version
oracle:oracle10g	oracle oracle10g	eq	enterprise_10.1.0.4
oracle:oracle10g	oracle oracle10g	eq	standard_10.1.0.4
oracle:oracle9i	oracle oracle9i	eq	standard_9.2.0.7
oracle:oracle10g	oracle oracle10g	eq	personal_10.1.0.4