CVE-2007-3338

Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.

Link	Resource
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp	Patch
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/
http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
http://www.securityfocus.com/bid/24585
http://secunia.com/advisories/25775	Vendor Advisory
http://secunia.com/advisories/25756	Vendor Advisory
http://www.vupen.com/english/advisories/2007/2288	Vendor Advisory
http://www.vupen.com/english/advisories/2007/2290	Vendor Advisory
http://osvdb.org/37483
https://exchange.xforce.ibmcloud.com/vulnerabilities/34998
https://exchange.xforce.ibmcloud.com/vulnerabilities/34995
http://www.securityfocus.com/archive/1/472197/100/0/threaded
http://www.securityfocus.com/archive/1/472194/100/0/threaded

Configuration 1

cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:* cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:* cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:* cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*

---

Published : 2007-06-22 06:30

Updated : 2018-10-16 04:48

---

NVD link : CVE-2007-3338

Mitre link : CVE-2007-3338

No products.

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer