1. Home
  2. CVE Database
  3. CVE-2008-1820
MEDIUM · 4.0

CVE-2008-1820

Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE...

Vulnerability Description

Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
OracleDatabase 10G10.1.0.5
OracleDatabase 11G11.1.0.6
OracleDatabase 9I9.2.0.8

References

FAQ

What is CVE-2008-1820?

CVE-2008-1820 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE...

How severe is CVE-2008-1820?

CVE-2008-1820 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1820?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database 10G, Oracle Database 11G, Oracle Database 9I.