VYPR
Unrated severityNVD Advisory· Published Jun 22, 2007· Updated Jun 16, 2026

CVE-2007-3336

CVE-2007-3336

Description

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:ingres:database_server:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ingres:database_server:2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ingres:database_server:9.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ingres:database_server:r3:*:*:*:*:*:*:*
  • Ca/Ingresllm-create
    Range: <=2006 r3 9.0.4, 2.6, 2.5

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.