Oracle has patched a security vulnerability in its TNS protocol that could allow attackers to access sensitive memory data remotely. This flaw affects several versions of Oracle Database Server and emphasizes the importance of proper configuration and timely updates.
Key points
- The vulnerability, CVE-2025-30733, allows unauthenticated remote access to system memory via the Oracle TNS listener.
- It impacts Oracle Database Server versions 19.3–19.26, 21.3–21.17, and 23.4–23.7, with a medium severity score of 6.5.
- The memory leak occurs during interactions with TNS over SSL/TLS, exposing environment variables and connection details.
- Mitigation involves applying the April 2025 patch, enabling LOCAL_OS_AUTHENTICATION, and restricting external exposure of the TNS listener.
- Organizations should review their configurations and minimize internet-facing database services to prevent exploitation.
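One way to carry out the configuration review described above, as an added example that is not from the article or from Oracle: a small Python audit of a `listener.ora` body that reports local OS authentication switched off and listener endpoints bound to non-loopback hosts. The function name, the sample file, and the per-listener spelling `LOCAL_OS_AUTHENTICATION_<listener_name>` are assumptions; the article names only `LOCAL_OS_AUTHENTICATION`.

```python
import re

# Constructed sample listener.ora (not taken from the article).
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCPS)(HOST = 0.0.0.0)(PORT = 2484))
      (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
    )
  )
# remote administration was enabled at some point
LOCAL_OS_AUTHENTICATION_LISTENER = OFF
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# One (ADDRESS = (K = V)(K = V)...) group; ADDRESS_LIST wrappers do not match.
ADDRESS_RE = re.compile(r"\(\s*ADDRESS\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)
PAIR_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()\s]+)\s*\)")
# Assumed parameter form: LOCAL_OS_AUTHENTICATION[_<listener_name>] = ON|OFF
LOCAL_AUTH_RE = re.compile(
    r"^\s*(LOCAL_OS_AUTHENTICATION\w*)\s*=\s*(\w+)", re.I | re.M)


def audit_listener_ora(text):
    """Return a list of (kind, detail) findings for a listener.ora body."""
    # Drop comments so a commented-out setting is not reported.
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    findings = []
    for name, value in LOCAL_AUTH_RE.findall(text):
        if value.upper() == "OFF":
            findings.append(("local_os_auth_off", name.upper()))
    for match in ADDRESS_RE.finditer(text):
        addr = {k.upper(): v for k, v in PAIR_RE.findall(match.group(1))}
        host = addr.get("HOST", "").lower()
        proto = addr.get("PROTOCOL", "").upper()
        # Non-loopback endpoints are flagged for review against firewall
        # rules; they are not necessarily internet-facing.
        if proto in ("TCP", "TCPS") and host not in LOOPBACK:
            findings.append(("non_loopback_endpoint",
                             f"{proto} {host}:{addr.get('PORT', '?')}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_listener_ora(SAMPLE):
        print(f"{kind}: {detail}")
```

A clean result here does not replace the April 2025 patch; it only covers the configuration side of the mitigation.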
Read More: https://gbhackers.com/oracle-tns-flaw-exposes-system-memory-to-unauthorized-access/