Oracle Outside-In Technology SDW File Processing Buffer Overflow Vulnerability
On October 18, 2016, Oracle released an update for Oracle Outside-In Technology as part of the Oracle Critical Patch Update for October 2016 [1] to fix a heap-based buffer overflow and a use-after-free vulnerability that have been discovered by Secunia Research [2]. Both of which may ultimately result in a system compromise through an application that uses and exposes the affected functionality of Oracle Outside-In Technology and thus are rated as “Highly Critical” by Secunia Research.
Additionally, Oracle addressed three further vulnerabilities discovered by Secunia Research that may result in a so-called “Denial of Service” (DoS) condition of an application using Oracle Outside-In Technology.
This blog post focusses on the heap-based buffer overflow vulnerability.