Detections
Analytics

CVE-2007-3338

critical

Description

Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34998

https://exchange.xforce.ibmcloud.com/vulnerabilities/34995

http://www.vupen.com/english/advisories/2007/2290

http://www.vupen.com/english/advisories/2007/2288

http://www.securityfocus.com/bid/24585

http://www.securityfocus.com/archive/1/472197/100/0/threaded

http://www.securityfocus.com/archive/1/472194/100/0/threaded

http://www.ngssoftware.com/advisories/medium-risk-vulnerability-in-ingres-stack-overflow/

http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=145778

http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp

http://secunia.com/advisories/25775

http://secunia.com/advisories/25756

http://osvdb.org/37483

Details

Source: Mitre, NVD

Published: 2007-06-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.06673