Current Description

Unspecified vulnerability in the Advanced Queuing component in Oracle Database,,,, and has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows attackers to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure.

Basic Data

PublishedJuly 15, 2008
Last ModifiedOctober 23, 2012
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.5
Exploitability Score8.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.


  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOracleAdvanced Queuing Component********
    2.3ApplicationOracleDatabase 9i9.2.0.8*******
    2.3ApplicationOracleDatabase 9i9.2.0.8dv******
    2.3ApplicationOracleDatabase Server10.1.0.5*******
    2.3ApplicationOracleDatabase Server10.2.0.4*******
    2.3ApplicationOracleDatabase Server11.1.0.6*******

Vulnerable Software List

Oracle Database Server,,
Oracle Advanced Queuing Component *
Oracle Database 9i


20080715 Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerability
31087 Advisory
31113 Advisory
ADV-2008-2109 Advisory
ADV-2008-2115 Advisory