PT-2022-3787 · Oracle · Oracle Database

Emad Al-Mousa · Published 2022-07-19 · Updated 2022-07-23 · CVE-2022-21432

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Database - Enterprise Edition RDBMS Security versions 12.1.0.2, 19c, and 21c

Description

The issue is related to errors in resource release in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Exploitation of this issue can allow a remote attacker to cause a denial of service using the Oracle Net protocol. A highly privileged attacker with DBA role privilege and network access via Oracle Net can compromise Oracle Database - Enterprise Edition RDBMS Security, resulting in the ability to cause a partial denial of service.

Recommendations

For version 12.1.0.2, update to a version that includes the fix for this issue. For version 19c, update to a version that includes the fix for this issue. For version 21c, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Oracle Net protocol to minimize the risk of exploitation.

Fix

Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2022-04580
CVE-2022-21432

Affected Products

Oracle Database