PT-1999-1651 · Oracle · Db

Published 1999-12-31 · Updated 2016-10-18 · CVE-1999-1330

CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: db library version 1.85.4
Description: The issue concerns the snprintf function in the db library, which fails to properly implement the size parameter. This oversight could enable attackers to exploit buffer overflows that would otherwise be prevented by a correctly implemented snprintf function.
Recommendations: For db library version 1.85.4, consider disabling the use of the snprintf function until a patch is available that properly implements the size parameter to prevent buffer overflows.
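
Added example (not code from the db library or from this advisory): a small C check for whether an snprintf-style function honors its size argument. `broken_snprintf` is a constructed stand-in that discards the size, and `honors_size` is a hypothetical helper name; the probe buffer is deliberately larger than the stated limit, so a non-conforming implementation is detected without corrupting memory.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Constructed stand-in for a compatibility shim that accepts a size
 * argument but never uses it. Not the db library's actual source. */
static int broken_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int rc;

    (void)n;                       /* the defect: size is discarded */
    va_start(ap, fmt);
    rc = vsprintf(str, fmt, ap);   /* unbounded write */
    va_end(ap);
    return rc;
}

/* Returns 1 if fn kept its output, including the terminating NUL,
 * within LIMIT bytes; returns 0 if it wrote past the stated size.
 * The real buffer holds REAL bytes, so the 26-character test string
 * always fits and the probe itself never overflows. */
static int honors_size(snprintf_fn fn)
{
    enum { LIMIT = 8, REAL = 64, CANARY = 0x5A };
    char buf[REAL];
    size_t i;

    memset(buf, CANARY, sizeof buf);
    fn(buf, LIMIT, "%s", "0123456789abcdef0123456789");

    for (i = LIMIT; i < REAL; i++)
        if ((unsigned char)buf[i] != CANARY)
            return 0;              /* bytes beyond the limit were touched */
    return memchr(buf, '\0', LIMIT) != NULL;
}

int main(void)
{
    printf("libc snprintf honors size: %d\n", honors_size(snprintf));
    printf("broken shim honors size:   %d\n", honors_size(broken_snprintf));
    return 0;
}
```

Callers that size their buffers on the assumption that snprintf truncates are only protected when a check like this passes for the snprintf actually linked in.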


Related Identifiers

CVE-1999-1330

Affected Products

Db