Memory Leak in Oracle TNS Exposes Sensitive Information

A recent investigation has revealed a vulnerability in Oracle's Transparent Network Substrate (TNS) protocol that allows an unauthenticated attacker to extract fragments of system memory, including environment variables and connection data, simply by sending a request to the database listener. Oracle addressed this issue in the April 2025 Critical Patch Update (CPU), but servers exposed to the Internet are still being detected.