Strix
26.1K

CVE-2007-3338

UnknownEPSS 6.67%

Last modified

CVE-2007-3338 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.. EPSS estimates a 6.67% chance of exploitation in the next 30 days.

Description

Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.

Metrics

EPSS Probability
6.67%

93.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IngresDatabase Server2.5
IngresDatabase Server2.6
IngresDatabase Server9.0.4
IngresDatabase Serverr3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2007-3338?
Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.
How severe is CVE-2007-3338?
Severity scoring for CVE-2007-3338 is pending analysis. The EPSS model estimates a 6.67% probability of exploitation in the next 30 days.
How do I fix CVE-2007-3338?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-3338?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST