SB2026042284 - Multiple vulnerabilities in Oracle Communications EAGLE Application Processor

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026042284

SB2026042284 - Multiple vulnerabilities in Oracle Communications EAGLE Application Processor

Published: April 22, 2026

Security Bulletin ID SB2026042284
CSH Severity
Critical
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2025-5318)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the sftp_handle() function. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.


2) Stack-based buffer overflow (CVE-ID: CVE-2025-68615)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SnmpTrapd service. A remote unauthenticated attacker can send specially crafted input to port 162/UDP, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References