CVE-2007-3336
Last modified
CVE-2007-3336 is a vulnerability of currently unknown severity. Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.. EPSS estimates a 8.96% chance of exploitation in the next 30 days.
Description
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ingres | Database Server | 2.5 |
| Ingres | Database Server | 2.6 |
| Ingres | Database Server | 9.0.4 |
| Ingres | Database Server | r3 |
References
- http://secunia.com/advisories/25756Vendor Advisory
- http://secunia.com/advisories/25775Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2288Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2290Vendor Advisory
- http://secunia.com/advisories/25756Vendor Advisory
- http://secunia.com/advisories/25775Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2288Vendor Advisory
- http://www.vupen.com/english/advisories/2007/2290Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-3336?
How severe is CVE-2007-3336?
How do I fix CVE-2007-3336?
Are you affected by CVE-2007-3336?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST