PT-2020-3241 · Oracle · Oracle Berkeley Db
Lionel Debroux · Published 2020-07-15 · Updated 2020-07-20 · CVE-2020-2981
CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Oracle Berkeley DB versions prior to 18.1.40
Description
The issue exists due to insufficient input validation in the Data Store component of Oracle Berkeley DB. Exploitation of this issue can allow an attacker to gain full control over the system. The vulnerability is difficult to exploit and requires an unauthenticated attacker with logon to the infrastructure where Data Store executes. Successful attacks also require human interaction from a person other than the attacker, and can result in the takeover of Data Store.
Recommendations
For versions prior to 18.1.40, update to version 18.1.40 or later to resolve the issue. As a temporary workaround, consider restricting access to the Data Store component to minimize the risk of exploitation.
Fix
RCE
Affected Products
Oracle Berkeley Db