CVE-2021-2045

Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 12.1.0.2, 12.2.0.1, 18c, and 19c

Description: The issue is related to insufficient input validation in the Oracle Text component of Oracle Database Server. It allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to compromise Oracle Text. Successful attacks can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Text. An attacker can exploit this issue by sending specially crafted network packets.

Recommendations: For versions 12.1.0.2, 12.2.0.1, 18c, and 19c, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.