SB2025071637 - Multiple vulnerabilities in Oracle Communications User Data Repository

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025071637

SB2025071637 - Multiple vulnerabilities in Oracle Communications User Data Repository

Published: July 16, 2025

Security Bulletin ID SB2025071637
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2025-0624)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the grub_net_search_config_file() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.


2) Out-of-bounds write (CVE-ID: CVE-2024-46956)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in filenameforall. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.


3) Buffer overflow (CVE-ID: CVE-2023-27349)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of the AVRCP protocol. A remote attacker with physical proximity to device can send specially crafted Bluetooth packets to the affected system, trigger memory corruption and execute arbitrary code on the system.



Remediation

Install update from vendor's website.

References