Vulnerability Description
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ingres | Database Server | 2.5 |
Related Weaknesses (CWE)
References
- http://osvdb.org/37483
- http://secunia.com/advisories/25756Vendor Advisory
- http://secunia.com/advisories/25775Vendor Advisory
- http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.aspPatch
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778
- http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-ov
- http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-
- http://www.securityfocus.com/archive/1/472194/100/0/threaded
- http://www.securityfocus.com/archive/1/472197/100/0/threaded
- http://www.securityfocus.com/bid/24585
- http://www.vupen.com/english/advisories/2007/2288Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2290Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34995
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34998
- http://osvdb.org/37483
FAQ
What is CVE-2007-3338?
CVE-2007-3338 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code vi...
How severe is CVE-2007-3338?
CVE-2007-3338 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3338?
Check the references section above for vendor advisories and patch information. Affected products include: Ingres Database Server.