CVE-2018-2912

Name of the Vulnerable Software and Affected Versions Oracle GoldenGate versions 12.1.2.1.0 through 12.3.0.1.0

Description The issue is related to a null pointer dereference in the Manager component of Oracle GoldenGate. It can be exploited by a remote attacker who sends an incorrect command, such as a START VERSION command with a missing separator, during a TCP connection establishment. This can cause a denial of service, allowing the attacker to hang or crash Oracle GoldenGate repeatedly.

Recommendations For versions 12.1.2.1.0, 12.2.0.2.0, and 12.3.0.1.0, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.