{ "schema_version": "1.4.0", "id": "GHSA-jq9h-634g-v84w", "modified": "2025-04-09T03:47:26Z", "published": "2022-05-01T18:34:02Z", "aliases": [ "CVE-2007-5507" ], "details": "The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5507" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq&m=119332677525918&w=2" }, { "type": "WEB", "url": "http://secunia.com/advisories/27251" }, { "type": "WEB", "url": "http://secunia.com/advisories/27409" }, { "type": "WEB", "url": "http://securityreason.com/securityalert/3250" }, { "type": "WEB", "url": "http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/482423/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/26103" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1018823" }, { "type": "WEB", "url": "http://www.us-cert.gov/cas/techalerts/TA07-290A.html" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2007/3524" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2007/3626" } ], "database_specific": { "cwe_ids": [ "CWE-119", "CWE-20" ], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2007-10-17T23:17:00Z" } }