Oracle Database Server 8i versions 18.104.22.168 and prior, 9i versions 22.214.171.124 and prior, 9iR2 versions 126.96.36.199 and prior, and 10g versions 10.1.0.4 and prior contain a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on the affected database.
The vulnerability exists due to a lack of bounds checking in the SDO_CS package of the Spatial component. An authenticated, remote attacker could exploit this vulnerability by submitting an overly large value to a vulnerable function. This action could allow the attacker to cause a DoS condition on the Oracle database.
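An exposure check for the condition described above, added here as an example and not part of the original advisory. It assumes DBA access to the data dictionary and the standard Oracle Spatial names (schema `MDSYS`, registry component id `SDO`), which the advisory itself does not state.

```sql
-- Added example: inventory queries for the SDO_CS issue (read-only).

-- 1. Database release, for comparison with the affected versions in the advisory.
SELECT banner
FROM   v$version;

-- 2. Is the Spatial component installed, and at what version?
--    DBA_REGISTRY is available from 9iR2 onward; on older releases skip to step 3.
SELECT comp_id, comp_name, version, status
FROM   dba_registry
WHERE  comp_id = 'SDO';

-- 3. Is the SDO_CS package present?
SELECT owner, object_name, object_type, status
FROM   dba_objects
WHERE  owner       = 'MDSYS'
AND    object_name = 'SDO_CS'
AND    object_type IN ('PACKAGE', 'PACKAGE BODY');

-- 4. Which accounts or roles may execute it?
--    The flaw requires an authenticated session, so this list bounds who can reach it.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner      = 'MDSYS'
AND    table_name = 'SDO_CS'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee;
```

A `PUBLIC` row in the last result means every authenticated account can call the package, so applying the Critical Patch Update is the only control that narrows exposure on that instance.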
Oracle has confirmed this vulnerability as DB21 in the October 2006 Critical Patch Update and released updated software to correct