CVE-2007-3338
7.6 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.53 Medium
EPSS
Percentile
97.6%
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
References
osvdb.org/37483
secunia.com/advisories/25756
secunia.com/advisories/25775
supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp
www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/
www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/
www.securityfocus.com/archive/1/472194/100/0/threaded
www.securityfocus.com/archive/1/472197/100/0/threaded
www.securityfocus.com/bid/24585
www.vupen.com/english/advisories/2007/2288
www.vupen.com/english/advisories/2007/2290
exchange.xforce.ibmcloud.com/vulnerabilities/34995
exchange.xforce.ibmcloud.com/vulnerabilities/34998
Related
7.6 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.53 Medium
EPSS
Percentile
97.6%