ODP.NET

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Addressing Veracode security flaws in Oracle.dataacess.dll

Dennis baffourFeb 9 2021

Dear Oracle Support
A recent security scan of our application which uses ODP.Net component Oracle.dataacess.dll has revealed a security flaw in 3 places of the component.
The flaw is CWE 331 Insufficient Entropy
void RegulateNumOfConsThreadFunc(object):

int GetConnection(OpoConCtx):
void GetDisposalInfo(int, ref ConnectionPool[] /*0*/, ref int[] /*0*/): 24%
The component details are as follows.
Oracle.DataAccess, Version=4.121.2.0, Culture=neutral, PublicKeyToken=89b483f429c47342
// Architecture: x64
// Runtime: .NET 4.0
Is there a newer component that addresses this issue? I have been tasked to address this flaw which is in our production environment.

Thanks
Dennis Baffour

Added on Feb 9 2021

#odp-net

5 comments

415 views